CVE-2011-2381

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.17.1 through 2.22.7 Bugzilla versions 3.0.x through 3.3.x Bugzilla versions 3.4.x before 3.4.12 Bugzilla versions 3.5.x Bugzilla versions 3.6.x before 3.6.6 Bugzilla versions 3.7.x Bugzilla versions 4.0.x before 4.0.2 Bugzilla versions 4.1.x before 4.1.3

Description A CRLF injection issue allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.

Recommendations For Bugzilla versions 2.17.1 through 2.22.7, update to a version outside of this range to resolve the issue. For Bugzilla versions 3.0.x through 3.3.x, update to a version outside of this range to resolve the issue. For Bugzilla versions 3.4.x before 3.4.12, update to version 3.4.12 or later to resolve the issue. For Bugzilla versions 3.5.x, update to a version outside of this range to resolve the issue. For Bugzilla versions 3.6.x before 3.6.6, update to version 3.6.6 or later to resolve the issue. For Bugzilla versions 3.7.x, update to a version outside of this range to resolve the issue. For Bugzilla versions 4.0.x before 4.0.2, update to version 4.0.2 or later to resolve the issue. For Bugzilla versions 4.1.x before 4.1.3, update to version 4.1.3 or later to resolve the issue.