FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bugzilla -- information leak

Affected packages
3.3.1 < bugzilla < 3.4.4

Details

VuXML ID 92ca92c1-d859-11de-89f9-001517351c22
Discovery 2009-11-18
Entry 2009-11-23

A Bugzilla Security Advisory reports:

When a bug is in a group, none of its information (other than its status and resolution) should be visible to users outside that group. It was discovered that as of 3.3.2, Bugzilla was showing the alias of the bug (a very short string used as a shortcut for looking up the bug) to users outside of the group, if the protected bug ended up in the "Depends On" or "Blocks" list of any other bug.

References

CVE Name CVE-2009-3386
URL http://www.bugzilla.org/security/3.4.3/