Episode 344

Episode 344 - Python tarfile - 2022 is nothing like 2007

Open Source Security · Open Source Security

October 10, 202234m 50s

Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

Josh and Kurt talk about a newly rediscovered old python vulnerability. It raises a lot of questions about what was OK in 2007 vs what's OK in 2022. The issue is very complicated and has a wild story surrounding it. There is no reason to not fix this in 2022.

Show Notes

CVE-2007-4559
Red Hat Bug
Register story
Response from upstream
Upstream patch
ZippSlip
Current upstream bug
CSURF

← All episodes of Open Source Security