oss-sec mailing list archives

Re: Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset


From: Mats Wichmann <mats () wichmann us>
Date: Mon, 28 Jul 2025 17:00:29 -0600

On 7/28/25 13:55, Alan Coopersmith forwarded a cPython security issue:

Some unfortunate glitches here. First, a template failure:

There is a HIGH severity vulnerability affecting {project}.

Second and third:

Please see the linked CVE ID for the latest information on affected versions:

* https://www.cve.org/CVERecord?id=CVE-2025-8194
The CVE contents suggest nothing is broken:

> affected

>    affected from 0 before 3.14.0

(3.14 still being unreleased). But patches for this were backported to all supported cPython versions, so the effect must be a bit wider than that.


And in the cve record itself, the patch suggestion comes out mangled.
