Episode 344 - Python tarfile - 2022 is nothing like 2007

10/10/2022 34 min Episodio 344

Listen "Episode 344 - Python tarfile - 2022 is nothing like 2007"

Descargar episodio Ver en sitio original

Episode Synopsis

Josh and Kurt talk about a newly rediscovered old python vulnerability. It raises a lot of questions about what was OK in 2007 vs what's OK in 2022. The issue is very complicated and has a wild story surrounding it. There is no reason to not fix this in 2022. Show Notes CVE-2007-4559 Red Hat Bug Register story Response from upstream Upstream patch ZippSlip Current upstream bug CSURF

More episodes of the podcast Open Source Security

Iocaine poisons bots with Gergely Nagy 12/01/2026

Anubis with Xe Iaso 05/01/2026

Rustls with Dirkjan and Joe 29/12/2025

Daniel Thompson answers: Does the CRA apply to Santa? 22/12/2025

Linux Foundation Europe with Gabriele Columbro 15/12/2025

Updating open source dependencies with Jamie Tanna 08/12/2025

TARmageddon with Alex Zenla 01/12/2025

Python Security with Seth Larson 24/11/2025

Linux Vendor Firmware Service with Richard Hughes 17/11/2025

NPM supply chain attacks with Charlie Eriksen 09/11/2025

Ver todos los episodios

ZARZA We are Zarza, the prestigious firm behind major projects in information technology.

Episode 344 - Python tarfile - 2022 is nothing like 2007

Listen "Episode 344 - Python tarfile - 2022 is nothing like 2007"

Episode Synopsis

More episodes of the podcast Open Source Security

Choose a domain name, or change it!

Prevent Attacks From Your Local Area Network

Bandwidth: Broadband or Narrowband?

Personnel recruitment via Web

Deep web or Invisible Internet

Subdomains, a glance with the experts!

Free Internet, a prediction in Nostradamus style

Educational Technology: From traditional to digital

Localhost, there’s no place like 127.0.0.1

Googling with breathtaking tricks you ignore

Gray Hat Hacking, those with ambiguous ethics…

Internet Predators on the prowl

Dot COM: The Internet’s dominant TLD