FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bugzilla -- information leak

Affected packages
3.3.1 < bugzilla < 3.4.5

Details

VuXML ID 696053c6-0f50-11df-a628-001517351c22
Discovery 2010-01-31
Entry 2010-02-01

A Bugzilla Security Advisory reports:

When moving a bug from one product to another, an intermediate page is displayed letting you select the groups the bug should be restricted to in the new product. However, a regression in the 3.4.x series made it ignore all groups which are not available in both products. As a workaround, you had to move the bug to the new product first and then restrict it to the desired groups, in two distinct steps, which could make the bug temporarily public.

References

CVE Name CVE-2009-3387
URL http://www.bugzilla.org/security/3.0.10/