CVE-2009-0486

Name: CVE-2009-0486
Description: Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 514143

The information below is based on the following data on fixed versions.

Package    Type    Release     Fixed Version   Urgency   Origin   Debian Bugs
bugzilla   source  etch        (not affected)
bugzilla   source  lenny       (not affected)
bugzilla   source  (unstable)  3.2.4.0-1                          514143

Notes

[etch] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
[lenny] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
