Launchpad CVE tracker

CVE 2009-3165

SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

Related bugs and status

CVE-2009-3165 (Candidate) is related to these bugs:

Bug #413065: prepare for custom templates

Summary				In	Importance	Status
	413065	prepare for custom templates		bugzilla (Ubuntu)	Wishlist	Fix Released

Bug #415500: bugzilla3 3.2.4.0-3ubuntu1 dumps passwords in apt logs

Summary				In	Importance	Status
	415500	bugzilla3 3.2.4.0-3ubuntu1 dumps passwords in apt logs		bugzilla (Ubuntu)	Low	Fix Released

Bug #419826: The following variables are new to /etc/bugzilla3/localconfig since you last ran checksetup.pl

Summary				In	Importance	Status
	419826	The following variables are new to /etc/bugzilla3/localconfig since you last ran checksetup.pl		bugzilla (Ubuntu)	Undecided	Fix Released
	419826	The following variables are new to /etc/bugzilla3/localconfig since you last ran checksetup.pl		bugzilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-3165

References