Message-ID: <94d43c9f-1280-4247-bef2-556190620d84@wichmann.us>
Date: Mon, 28 Jul 2025 17:00:29 -0600
From: Mats Wichmann <mats@...hmann.us>
To: oss-security@...ts.openwall.com
Subject: Re: Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset

On 7/28/25 13:55, Alan Coopersmith forwarded a cPython security issue:

some unfortunate glitches here.

first, a template failure:

> There is a HIGH severity vulnerability affecting {project}.

second and third:

> Please see the linked CVE ID for the latest information on affected
> versions:
>
> * https://www.cve.org/CVERecord?id=CVE-2025-8194

The CVE contents suggest nothing is broken:

> affected
> affected from 0 before 3.14.0

(3.14 still being unreleased).

But patches for this were backported to all supported cPython versions, so the effect must be a bit wider than that.

And in the cve record itself, the patch suggestion comes out mangled.