[PATCH 0/2] moveconfig fixes
Markus Klotzbuecher
mk at mkio.de
Wed Feb 12 20:46:43 CET 2020
Two fixes to moveconfig: the first addresses a potential security
issue reported by Heinrich Schuchardt caused by using the Python
built-in eval to expand CONFIG_ value expressions. Running moveconfig
on a maliciously prepared CONFIG could lead to execution of arbitrary
Python code. The second is a Python3 bugfix.
Markus Klotzbuecher (2):
moveconfig: replace unsafe eval with asteval
moveconfig: convert ps.stderr to string
tools/moveconfig.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--
2.25.0
More information about the U-Boot
mailing list