CVE numbers were assigned as follows:
CVE-2012-2691: Reporters can edit arbitrary bugnotes via SOAP API (#14340)
CVE-2012-2692: delete_attachments_threshold not checked on attachment deletion (#14016)
CVE numbers were assigned as follows:
CVE-2012-2691: Reporters can edit arbitrary bugnotes via SOAP API (#14340)
CVE-2012-2692: delete_ attachments_ threshold not checked on attachment deletion (#14016)