Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment.
https://bugzilla.redhat.com/show_bug.cgi?id=623423
https://bugzilla.mozilla.org/show_bug.cgi?id=583690
http://www.vupen.com/english/advisories/2010/2205
http://www.vupen.com/english/advisories/2010/2035
http://www.securityfocus.com/bid/42275
http://www.bugzilla.org/security/3.2.7/
http://secunia.com/advisories/41128
http://secunia.com/advisories/40892
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html