CVE-2009-3165

Name	CVE-2009-3165
Description	SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1913-1
Debian Bugs	547132

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
bugzilla	source	etch	(not affected)
bugzilla	source	lenny	3.0.4.1-2+lenny2		DSA-1913-1
bugzilla	source	(unstable)	3.2.5.0-1	low		547132

Notes

[etch] - bugzilla <not-affected> (Vulnerable code not present)
Introduced in 2.23.4