thr3ads.net - Secure testing team - [Secure-testing-team] Bug#547132: CVE-2009-3165: SQL injection vulnerability [Sep 2009]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2009-Sep-17 07:06 UTC

[Secure-testing-team] Bug#547132: CVE-2009-3165: SQL injection vulnerability

Package: bugzilla
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for bugzilla.

CVE-2009-3165[0]:
| SQL injection vulnerability in the Bug.create WebService function in
| Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through
| 3.4.1 allows remote attackers to execute arbitrary SQL commands via
| unspecified parameters.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3165
    http://security-tracker.debian.net/tracker/CVE-2009-3165


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqx3+cACgkQNxpp46476aq31gCeLMfMJuutOzPwP+0uouISHD4/
fjAAn1q/BdldzmPcE/W9vh5Im9h3FoRj
=Kbgf
-----END PGP SIGNATURE-----

Secure testing team - Sep 2009 - Bug#547132: CVE-2009-3165: SQL injection vulnerability

[Secure-testing-team] Bug#547132: CVE-2009-3165: SQL injection vulnerability