CVE-2019-7306

NameCVE-2019-7306
DescriptionByobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
byobu (PTS)jessie5.87-1vulnerable
stretch5.112-1vulnerable
buster5.112-1.1vulnerable
bullseye5.133-1vulnerable
sid, trixie, bookworm5.133-1.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
byobusource(unstable)(unfixed)unimportant

Notes

https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202
Issue in /usr/share/apport/package-hooks/source_byobu.py hook,
non-issue in Debian as Apport not present.

Search for package or bug name: Reporting problems