Gentoo Linux Security Advisory 201607-11 - Multiple vulnerabilities have been found in Bugzilla, the worst of which could lead to the escalation of privileges. Versions less than 5.0.3 are affected.
80a0902267c16233710208037b188bcd90eb15791d34baf0375c867b48579f49
Mandriva Linux Security Advisory 2015-030 - Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes.
acea29f59c141edc8ada636ab2ce9dbf146a254ce6ee6a3acd2dc28718b5b2c0