[Secure-testing-team] Bug#547132: CVE-2009-3165: SQL injection vulnerability
Giuseppe Iuculano
giuseppe at iuculano.it
Thu Sep 17 07:06:18 UTC 2009
Package: bugzilla
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for bugzilla.
CVE-2009-3165[0]:
| SQL injection vulnerability in the Bug.create WebService function in
| Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through
| 3.4.1 allows remote attackers to execute arbitrary SQL commands via
| unspecified parameters.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3165
http://security-tracker.debian.net/tracker/CVE-2009-3165
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqx3+cACgkQNxpp46476aq31gCeLMfMJuutOzPwP+0uouISHD4/
fjAAn1q/BdldzmPcE/W9vh5Im9h3FoRj
=Kbgf
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list