From mboxrd@z Thu Jan 1 00:00:00 1970
From: Markus Klotzbuecher
Date: Wed, 12 Feb 2020 20:46:43 +0100
Subject: [PATCH 0/2] moveconfig fixes
Message-ID: <20200212194645.1765445-1-mk@mkio.de>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Two fixes to moveconfig: the first addresses a potential security issue
reported by Heinrich Schuchardt caused by using the Python built-in eval
to expand CONFIG_ value expressions. Running moveconfig on a maliciously
prepared CONFIG could lead to execution of arbitrary Python code. The
second is a Python3 bugfix.

Markus Klotzbuecher (2):
  moveconfig: replace unsafe eval with asteval
  moveconfig: convert ps.stderr to string

 tools/moveconfig.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

-- 
2.25.0