reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.
https://exchange.xforce.ibmcloud.com/vulnerabilities/19504
https://bugzilla.ubuntu.com/show_bug.cgi?id=6600
http://secunia.com/advisories/14422/