Bugzilla Security Advisory - Bugzilla versions 3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, and 4.5.1 to 4.5.4 suffer from a cross site request forgery vulnerability.
cd0337a3196b87e65a4382c3d46665e5a07957324bbe8fa092ed144b51893ab0
Bugzilla Security Advisory - Bugzilla versions 2.0 through 4.4.2 and 4.5.1 through 4.5.2 suffer from a cross site request forgery vulnerability. Bugzilla versions 2.0 through 4.0.11, 4.1.1 through 4.2.7, 4.3.1 through 4.4.2, and 4.5.1 through 4.5.2 suffer from a social engineering vulnerability.
e3f8c68b0a1bbdf0fb518956a6f0baea7892e0d7d30f6fb5905d155c12849c5b
Bugzilla Security Advisory - When the user logs in using LDAP, the username is not escaped before being passed to LDAP which could potentially lead to LDAP injection. Extensions are not protected against directory browsing by default and users can view the source code of templates used by the extensions. These templates may contain sensitive data.
a5d9eb97d8ed5caaa5684888b740b5cecb254605b98dce901b0bd2362f639636