CVE-2009-3946 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3946): Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.
*** Bug 297478 has been marked as a duplicate of this bug. ***
Bumped in tree, closing as it is a masked package. Olivier, if you want, I can be your proxy for the maintenance. Please email me directly.