DescriptionSQL injection vulnerability in in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs354457

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bugzillasourcewoody(not affected)
bugzillasourcesarge(not affected)


[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)

Search for package or bug name: Reporting problems