Insecure pyyaml call to load()

[vince-ice]

PyYAML calls to load() by Processing allow to execute arbitrary function calls.
Please see yaml/pyyaml#265

Describe the bug
It is reported that in PyYAML before 4.1, usage of yaml.load() function on untrusted input could lead to arbitrary code execution. It is therefore recommended to use yaml.safe_load() instead. With 4.1, yaml.load() has been changed to call safe_load().

• Report: http://seclists.org/oss-sec/2018/q2/240
• Upstream change: Make pyyaml safe by default. yaml/pyyaml#74

QGIS and OS versions
QGIS 3.4.7-Madeira

Patch
Please consider changeing /usr/share/qgis/python/plugins/processing/algs/help/init.py , inside loadShortHelp, line 46
from:
for k, v in yaml.load(stream).items():
to:
for k, v in yaml.safe_load(stream).items():

[DelazJ]

Looking to the source, I see at https://github.com/qgis/QGIS/blob/master/python/plugins/processing/algs/help/__init__.py#L44
for k, v in yaml.load(stream, Loader=yaml.SafeLoader).items(): so I guess it's fixed. Note that this change is not ported to 3.4 though (I don't know if it's an omission or intended).