Security updates for Bugzilla
The developers of the Bugzilla open source bug tracking system have released versions 3.0.9, 3.2.5 and 3.4.2, which fix SQL injection vulnerabilities and remove a means of sniffing out a user's password.
The SQL injection vulnerabilities can be used to gain access to the database, allowing attackers to discover, change and delete content. It may also be possible to use these vulnerabilities to expose confidential data, such as the Mozilla Foundation's data on critical vulnerabilities in Firefox. The developers classify one of the SQL bugs as critical and are therefore advising all users to install the updates as soon as possible.
See also:
- 3.4.1, 3.2.4, and 3.0.8 Security Advisory, security advisory from Bugzilla.
(crve)