Joydeep Tripathy
> Marking as unblocked now that the release is done. > > It's still failing with the following message: > > ``` > Run files=$(git diff --name-only 6abca452cae5546029a21f9b8db03a2a6ee5c822 9bf7a8e572bc4ab05248b861c5d271b48792631a |...
Thank you @Dev-Voldemort for taking this up. It would help a lot in identifying the faults in the daily and weekly CI. I would like to add that it would...
> I'm new to _fuzzers_, so I don't know how an OK fuzzer should be working. > > After reviewing some errors, and applying some nits, I'm getting this: >...
> Making the responsible functions asynchronous seems to resolve the errors, but I'm not sure if that's the correct way to go. Are you sure? Making all those functions asynchronous...
> Hello, [unblob](https://github.com/onekey-sec/unblob) could be used to extract a wide variety of file formats including tar. unblob implemented a `SafeTarFile` class as tarfile is indeed vulnerable to path traversal ([onekey-sec/unblob#459](https://github.com/onekey-sec/unblob/issues/459))....
> A few things: > > * bandit is currently reporting even safe usage of the library (there's an open bug about that, or at least it was open when...
Actually, since we are talking about extractors, I did come across one little thing. The tar files inside the test.deb that we have in test/assets (now also in test/language_data)...
Hello @mastersans, thanks for letting me know. The function I had used to extract was the `aio_unpack_archive()`, which is basically an asynchronous wrapper around the shutil function `unpack_archive()`. We...
I'm gonna close this since it has already been resolved
Filing this so that I can work on it after [this](https://github.com/intel/cve-bin-tool/pull/3543) is merged. @terriko