Question:
The release notes state: "Use ast.literal_eval() instead of the generic eval(), to prevent arbitrary code execution from malicious .crash files"
The change should be in ui.py in this revision:
http://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3114
Just to be clear: How does "self.offer_restart = True" avoid generic "eval()" and use "ast.literal_eval()" instead?
Does this also mean that there are still situations where "eval()" is called? And why? This always leads to security issues, it's just a matter of time.
Thanks for fixing it quickly.
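For reference, the difference the quoted release note relies on, as an added example that is not part of the original question and is not apport's code: `eval()` executes whatever expression the text contains, while `ast.literal_eval()` accepts only plain literals. The helper names, the length cap and the sample field values are assumptions constructed for this illustration.

```python
import ast

MAX_FIELD_LEN = 4096  # assumed cap: literal_eval can still exhaust memory/stack on huge input


def parse_literal_field(text, expected_type):
    """Return the Python literal encoded in untrusted text, or raise ValueError."""
    if len(text) > MAX_FIELD_LEN:
        raise ValueError("field too long")
    try:
        # Accepts literals only: no names, calls, attribute access or operators.
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, RecursionError, MemoryError) as exc:
        raise ValueError(f"not a plain literal ({type(exc).__name__})") from None
    if not isinstance(value, expected_type):
        raise ValueError(f"expected {expected_type.__name__}, got {type(value).__name__}")
    return value


def compare(text):
    """Return (side effects caused by eval(), whether the literal parser accepted text)."""
    side_effects = []
    # eval() runs the expression. The only callable exposed is a harmless recorder;
    # the emptied builtins keep this demo inert and are not a sandbox.
    eval(text, {"__builtins__": {}}, {"record": side_effects.append})
    try:
        parse_literal_field(text, list)
        accepted = True
    except ValueError:
        accepted = False
    return side_effects, accepted


# Constructed field values, not taken from a real .crash file.
GOOD = "['/usr/bin/example', '--restore']"
CALL = "[record('code ran while parsing')]"

if __name__ == "__main__":
    for sample in (GOOD, CALL):
        print(sample, "->", compare(sample))
```
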