From secunia advisory: Description A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change certain bug data or execute certain administrative tasks by tricking a logged in user into visiting a malicious web site. The vulnerability is reported in versions 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2. Solution Update to version 4.0.5 or 4.2.
CVE-2012-0453 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0453): Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API.
4.0.5 and 4.2 are in gentoo-x86 now.
(In reply to comment #2) > 4.0.5 and 4.2 are in gentoo-x86 now. Thanks, fixed.
