Mention issue6972 in extractall docs about overwriting things outside of

the supplied path.

Doc/library/zipfile.rst

@@ -207,6 +207,13 @@ ZipFile Objects
    be a subset of the list returned by :meth:`namelist`.  *pwd* is the password
    used for encrypted files.
 
+   .. warning::
+
+      Never extract archives from untrusted sources without prior inspection.
+      It is possible that files are created outside of *path*, e.g. members
+      that have absolute filenames starting with ``"/"`` or filenames with two
+      dots ``".."``.
+
    .. versionadded:: 2.6