change "yaml.load" to better "yaml.safe_load"

https://bugs.gentoo.org/659348 It is reported that in PyYAML before 4.1, usage of yaml.load() function on untrusted input could lead to arbitrary code execution. It is therefore recommended to use yaml.safe_load() instead. With 4.1, yaml.load() has been changed to call safe_load(). * Report: http://seclists.org/oss-sec/2018/q2/240 * Upstream change: yaml/pyyaml#74 * CVE: pending -- Gentoo Security Scout Vladimir Krstulja
rcmcronny · May 28, 2019 · b6f0d51 · b6f0d51
1 parent bb41a77
commit b6f0d51
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/dmarchiver.py b/dmarchiver.py
@@ -34,7 +34,7 @@
 
 try:
 	with open(config, 'r') as ymlfile:
-		cfg = yaml.load(ymlfile)
+		cfg = yaml.safe_load(ymlfile)
 
 		imap_host       = cfg['imap']['imap_host']
 		imap_port       = cfg['imap']['imap_port']