CVE-2014-0479

NameCVE-2014-0479
Descriptionreportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-31-1, DSA-2997-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
reportbug (PTS)jessie6.6.3+deb8u1fixed
stretch7.1.7+deb9u2fixed
buster, sid7.5.0fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
reportbugsource(unstable)6.5.0+nmu1medium
reportbugsourcesqueeze4.12.6+deb6u1medium
reportbugsourcewheezy6.4.4+deb7u1mediumDSA-2997-1

Search for package or bug name: Reporting problems