Most Python developers haven't looked twice at the gzip module since they first imported it. It compresses, it decompresses, it ships with the language.
Most vulnerability disclosures follow a predictable rhythm.