CVE-2014-0479

NameCVE-2014-0479
Descriptionreportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-31-1, DSA-2997-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
reportbug (PTS)buster7.5.3~deb10u1fixed
buster (security)7.5.3~deb10u2fixed
bullseye7.10.3+deb11u1fixed
bookworm12.0.0fixed
trixie, sid13.0.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
reportbugsourcesqueeze4.12.6+deb6u1
reportbugsourcewheezy6.4.4+deb7u1DSA-2997-1
reportbugsource(unstable)6.5.0+nmu1
Search for package or bug name: Reporting problems