CVE-2005-3138

NameCVE-2005-3138
DescriptionBugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs331206

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bugzillasourcewoody(not affected)
bugzillasourcesarge(not affected)
bugzillasource(unstable)2.18.4-1medium331206

Notes

[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
Search for package or bug name: Reporting problems