Bug 433776 (CVE-2012-3981) - <www-apps/bugzilla-{3.6.11,4.0.8,4.2.3}: LDAP Injection and Template Disclosure Vulnerabilities (CVE-2012-{3981,4747})
Status: RESOLVED FIXED
Alias: CVE-2012-3981
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://secunia.com/advisories/50433/
Whiteboard: B4 [noglsa]
Depends on: CVE-2013-0785
Reported: 2012-09-03 11:04 UTC by Agostino Sarubbo
Modified: 2013-09-23 11:45 UTC
Description Agostino Sarubbo gentoo-dev 2012-09-03 11:04:43 UTC
From Secunia at $URL:

Description
A vulnerability and a security issue have been reported in Bugzilla, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data.

1) Input passed via the username is not properly escaped before being used in an LDAP query and can be exploited to inject LDAP statements.

This vulnerability is reported in versions 2.12 through 3.6.10, 3.7.1 through 4.0.7, 4.1.1 through 4.2.2, and 4.3.1 through 4.3.2.

2) A security issue due to the application not restricting directory browsing access to extensions can be exploited to disclose the source code of templates.

This security issue is reported in versions 2.23.2 through 3.6.10, 3.7.1 through 4.0.7, 4.1.1 through 4.2.2, and 4.3.1 through 4.3.2.


Solution
Update to version 3.6.11, 4.0.8, 4.2.3, or 4.3.3.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-09-05 11:44:04 UTC
CVE-2012-4747 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4747):
  Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and
  4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive
  information under the web root with insufficient access control, which
  allows remote attackers to read (1) template (aka .tmpl) files, (2) other
  custom extension files under extensions/, or (3) custom documentation files
  under docs/ via a direct request.

CVE-2012-3981 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3981):
  Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x
  before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not
  restrict the characters in a username, which might allow remote attackers to
  inject data into an LDAP directory via a crafted login attempt.
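
The defect class behind CVE-2012-3981, a username placed in an LDAP search filter without escaping or character restriction, shown next to the escaped form. This is an added example in Python, not code from Bugzilla (which is written in Perl) or from the advisory. The attribute name `uid`, the function names, the allow-list pattern and the sample username are assumptions constructed for the illustration.

```python
import re

# Added illustration, not Bugzilla code. The attribute name "uid", the
# function names and the sample username are constructed for this example.

# RFC 4515: these characters must appear in a filter value as "\" + two hex digits.
FILTER_SPECIALS = "\x00()*\\"
HEX_ESCAPE = re.compile(r"\\[0-9a-fA-F]{2}")
# Assumed allow-list for login names; adjust to the directory's naming policy.
USERNAME_OK = re.compile(r"[A-Za-z0-9._@+-]{1,64}")


def escape_filter_value(value):
    """Return value with every RFC 4515 special character hex-escaped."""
    return "".join(
        "\\%02x" % ord(ch) if ch in FILTER_SPECIALS else ch for ch in value
    )


def filter_unescaped(username, attr="uid"):
    """The defect class: raw interpolation of user input into a filter."""
    return "(%s=%s)" % (attr, username)


def filter_escaped(username, attr="uid"):
    """Same filter with the value escaped, so it stays one equality test."""
    return "(%s=%s)" % (attr, escape_filter_value(username))


def structural_chars(ldap_filter):
    """Count ( ) * that the server will parse as filter syntax, not data."""
    remaining = HEX_ESCAPE.sub("", ldap_filter)
    return sum(remaining.count(ch) for ch in "()*")


def is_allowed_username(username):
    """Reject names outside the allow-list before any directory lookup."""
    return USERNAME_OK.fullmatch(username) is not None


if __name__ == "__main__":
    sample = "j.doe*(ops)\\x"  # constructed input containing metacharacters
    for build in (filter_unescaped, filter_escaped):
        f = build(sample)
        print("%-16s %-28s structural chars: %d"
              % (build.__name__, f, structural_chars(f)))
    print("allow-listed:", is_allowed_username(sample))
```

A single equality filter should contain exactly two structural characters, the outer parentheses; any higher count means user input has been parsed as filter syntax.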
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 17:08:54 UTC
Need version bumps for the 3.6.x and 4.0.x series, and potentially stabilization for 3.6.11 after the bump.