Policies for tarfile.extractall, a.k.a. fixing CVE-2007-4559

encukou (Petr Viktorin) April 24, 2023, 3:15pm 28

Thank you! That was fast :‍)

The 3.12 implementation is merged. I’ll start on the 3.11 backport, and update the PEP after its docs are rebuilt, so I can link them in the canonical-doc admonition.

3 Likes

Topic		Replies	Views
Python 3.11.1, 3.10.9, 3.9.16, 3.8.16, 3.7.16, and 3.12.0 alpha 3 are now available Committers release	2	4008	December 6, 2023
Getting High and Medium Vulnerabilities in Python 3.11.4 Python Help governance , help	7	1501	June 29, 2023
Can a fix for CVE-2022-26488 be available sooner than April 4th? Python Help release	3	951	March 10, 2022
Python 3.10.14, 3.9.19, and 3.8.19 are now available! Committers release	0	2325	March 20, 2024
Python 3.10.3, 3.9.11, 3.8.13, and 3.7.13 are now available with security content Committers release	0	5047	March 16, 2022