rpi-buildroot/package/python3
Thomas Perale 6058704b1d package/python3: add patch for CVE-2025-8194
This fixes the following vulnerability:

- CVE-2025-8194

    There is a defect in the CPython “tarfile” module affecting the
    “TarFile” extraction and entry enumeration APIs. The tar
    implementation would process tar archives with negative offsets
    without error, resulting in an infinite loop and deadlock during the
    parsing of maliciously crafted tar archives. This vulnerability can
    be mitigated by including the following patch after importing the
    “tarfile” module:
    https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

For more information, see:
  - https://www.cve.org/CVERecord?id=CVE-2025-8194
  - c9d9f78feb

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
2025-08-14 09:26:08 +02:00