CVE-2005-2174 Information

Description

Bugzilla 2.17.x 2.18 before 2.18.2 2.19.x and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.

Reference

http://securitytracker.com/id?1014428 http://www.bugzilla.org/security/2.18.1/ https://bugzilla.mozilla.org/show_bug.cgi?id=293159