Sorry about the unhelpful report body...! From the Mozilla advisory:
|Class: Account Compromise |Versions: 2.14 to 3.2.9, 3.4.9, 3.6.3, 4.0rc1 |Fixed In: 3.2.10, 3.4.10, 3.6.4, 4.0rc2 |Description: It was possible for a user to gain unauthorized access to | any Bugzilla account in a very short amount of time (short | enough that the attack is highly effective). This is a | critical vulnerability that should be patched immediately | by all Bugzilla installations. |References: https://bugzilla.mozilla.org/show_bug.cgi?id=621591 | https://bugzilla.mozilla.org/show_bug.cgi?id=619594 |CVE Number: CVE-2010-4568 http://www.bugzilla.org/security/3.2.9/ -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
signature.asc
Description: Digital signature