CVE-2009-3165
Published: 15 September 2009
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
Priority
Status
Package | Release | Status |
---|---|---|
bugzilla Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(3.2.5.0-1)
|
|
maverick |
Not vulnerable
(3.2.5.0-1)
|
|
natty |
Not vulnerable
(3.2.5.0-1)
|
|
oneiric |
Not vulnerable
(3.2.5.0-1)
|
|
upstream |
Needs triage
|