bugzilla -- information leak

A Bugzilla Security Advisory reports:

When a bug is in a group, none of its information
(other than its status and resolution) should be visible
to users outside that group. It was discovered that
as of 3.3.2, Bugzilla was showing the alias of the bug
(a very short string used as a shortcut for looking up
the bug) to users outside of the group, if the protected
bug ended up in the “Depends On” or “Blocks” list of any
other bug.