CVE-2012-5884

NameCVE-2012-5884
DescriptionThe User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs669643

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bugzillasourcesqueeze(not affected)
bugzillasource(unstable)(unfixed)low
bugzilla4ITP669643

Notes

[squeeze] - bugzilla <not-affected> (vulnerable code not present in 3.x)
Search for package or bug name: Reporting problems