Two fixes to moveconfig: the first addresses a potential security issue reported by Heinrich Schuchardt caused by using the Python built-in eval to expand CONFIG_ value expressions. Running moveconfig on a maliciously prepared CONFIG could lead to execution of arbitrary Python code. The second is a Python3 bugfix.
Markus Klotzbuecher (2): moveconfig: replace unsafe eval with asteval moveconfig: convert ps.stderr to string tools/moveconfig.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) -- 2.25.0
