@Benjamin: Argh, I had to uncommit/recommit these three as the CVE numbers came in at the last minute, and apparently got the commit messages the wrong way around (meh @ not having rebase in bzr..) I did some surgery on the branch and the commit messages are correct now.
When I created the fixes I also verified that this was the only eval() in the entire source, there is none left now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1648806 Title: Arbitrary code execution through crafted CrashDB or Package/Source fields in .crash files To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1648806/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs