One of the flaws, tracked as CVE-2016-9949, relies on a python code injection in the crash file. Apport blindly uses the python eval () function on an unsanitized field (CrashDB) inside the .crash ...