Apport blindly uses the python eval () function on an unsanitized field (CrashDB) inside the .crash file. This leads directly to arbitrary python code execution.