CVE-2014-0479

NameCVE-2014-0479
Descriptionreportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-31-1, DSA-2997-1
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
reportbug (PTS)stretch7.1.7+deb9u3fixed
buster7.5.3~deb10u1fixed
bullseye7.10.3+deb11u1fixed
bookworm, sid11.1.0fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
reportbugsourcesqueeze4.12.6+deb6u1
reportbugsourcewheezy6.4.4+deb7u1DSA-2997-1
reportbugsource(unstable)6.5.0+nmu1

Search for package or bug name: Reporting problems