Debian Reportbug vulnerabilities

CVE-2014-0479 [MEDIUM] CWE-94 CVE-2014-0479: reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitra reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.

CVE-2005-0625 [LOW] CVE-2005-0625: reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive informatio reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.

CVE-2005-0624 [LOW] CVE-2005-0624: reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, w reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.