Episode 344 - Python tarfile - 2022 is nothing like 2007

#cybersecurity #source #open #opensource #security #technology

A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.

Episode 344 - Python tarfile - 2022 is nothing like 2007

October 09, 2022 34:50 33.99 MB Downloads: 0

Josh and Kurt talk about a newly rediscovered old python vulnerability. It raises a lot of questions about what was OK in 2007 vs what's OK in 2022. The issue is very complicated and has a wild story surrounding it. There is no reason to not fix this in 2022.

Show Notes

CVE-2007-4559
Red Hat Bug
Register story
Response from upstream
Upstream patch
ZippSlip
Current upstream bug
CSURF

Add New Podcast

Subscribe to this podcast

Episode 344 - Python tarfile - 2022 is nothing like 2007