PRIOn knowledge basePRION:CVE-2010-2759Code injection
Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment.
References
secunia.com/advisories/40892
secunia.com/advisories/41128
www.bugzilla.org/security/3.2.7/
www.securityfocus.com/bid/42275
www.vupen.com/english/advisories/2010/2035
www.vupen.com/english/advisories/2010/2205
bugzilla.mozilla.org/show_bug.cgi?id=583690
bugzilla.redhat.com/show_bug.cgi?id=623423
lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
Related
