CVE-2009-3165

Priority
Medium
Description
SQL injection vulnerability in the Bug.create WebService function in
Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1
allows remote attackers to execute arbitrary SQL commands via unspecified
parameters.
References
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (3.2.5.0-1)
Ubuntu 11.04 (Natty Narwhal):not-affected (3.2.5.0-1)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (3.2.5.0-1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.2.5.0-1)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:09 UTC (commit 5347)