FreeBSD: F8D3689E-6770-11DC-8BE8-02E0185F8D72
Sep 18, 2007 - 12:00 a.m.

bugzilla -- "createemailregexp" security bypass vulnerability

2007-09-18 00:00:00
vuxml.freebsd.org
25

CVSS2: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.06
Percentile: 93.6%

The Bugzilla development team reports:

Bugzilla::WebService::User::offer_account_by_email does
not check the “createemailregexp” parameter, and thus
allows users to create accounts who would normally be
denied account creation. The “emailregexp” parameter is
still checked. If you do not have the SOAP::Lite Perl
module installed on your Bugzilla system, your system is
not vulnerable (because the Bugzilla WebService will not
be enabled).

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | bugzilla | = 3.* | UNKNOWN |
| FreeBSD | any | noarch | bugzilla | < 3.0.2 | UNKNOWN |
