CVE-2014-0479

NameCVE-2014-0479
Descriptionreportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-31-1, DSA-2997-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
reportbug (PTS)wheezy, wheezy (security)6.4.4+deb7u1fixed
jessie6.6.3fixed
buster, sid, stretch7.1.7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
reportbugsource(unstable)6.5.0+nmu1medium
reportbugsourcesqueeze4.12.6+deb6u1medium
reportbugsourcewheezy6.4.4+deb7u1mediumDSA-2997-1

Search for package or bug name: Reporting problems