12 Feb
2020
12 Feb
'20
8:46 p.m.
Two fixes to moveconfig: the first addresses a potential security issue reported by Heinrich Schuchardt caused by using the Python built-in eval to expand CONFIG_ value expressions. Running moveconfig on a maliciously prepared CONFIG could lead to execution of arbitrary Python code. The second is a Python3 bugfix.
Markus Klotzbuecher (2): moveconfig: replace unsafe eval with asteval moveconfig: convert ps.stderr to string
tools/moveconfig.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
--
2.25.0