reportbug Report smtppasswd Setting Information Disclosure
Local Access Required
Loss of Confidentiality
Reportbug contains a flaw that may allow a malicious user to read possibly sensitive information in the "reportbugrc" file. The issue exists because by default the file is world readable. It is possible that the flaw may allow loss of confidentiality since the file might contain the smtppasswd.
Upgrade to version 3.8 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Set the permissions on the file with the following command: chmod 600 .reportbugrc