Candidate: CVE-2011-2979
PublicDate: 2011-08-09 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2979
Description:
 Bugzilla 4.1.x before 4.1.3 generates different responses for certain
 assignee queries depending on whether the group name is valid, which allows
 remote attackers to determine the existence of private group names via a
 custom search.  NOTE: this vulnerability exists because of a CVE-2010-2756
 regression.
Ubuntu-Description:
Notes:
 mdeslaur> 4.1.x only
Bugs:
 https://bugzilla.mozilla.org/show_bug.cgi?id=674497
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_bugzilla:
upstream_bugzilla: released (4.1.3)
hardy_bugzilla: not-affected
lucid_bugzilla: not-affected
maverick_bugzilla: not-affected
natty_bugzilla: not-affected
devel_bugzilla: not-affected