Rolf Leggewie

**Name of the Vulnerable Software and Affected Versions** reportbug versions prior to 2.62 **Description** The issue allows local users to obtain email smarthost passwords due to the .reportbugrc configuration file being created with world-readable permissions. **Recommendations** For versions prior to 2.62, update to version 2.62 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the .reportbugrc configuration file to restrict access.

**Name of the Vulnerable Software and Affected Versions** reportbug version 3.2 **Description** The issue exposes sensitive information, such as `smtpuser` and `smtppasswd`, by including settings from the .reportbugrc file in bug reports. **Recommendations** For reportbug version 3.2, consider removing or modifying the .reportbugrc file to exclude sensitive information, such as `smtpuser` and `smtppasswd`, from being included in bug reports.