| From the Red Hat bugzilla:
An unprivileged user is normally not allowed to view other users' group membership. But boolean charts let the user use group-based pronouns, indirectly disclosing group membership. CVE-2010-2756
Normally, when a user is impersonated, he receives an email informing him that he is being impersonated, containing the identity of the impersonator. However, it was possible to impersonate a user without this notification being sent. CVE-2010-2757
An error message thrown by the "Reports" and "Duplicates" page confirmed the non-existence of products, thus allowing users to guess confidential product names. CVE-2010-2758
If a comment contained the phrases "bug X" or "attachment X", where X was an integer larger than the maximum 32-bit signed integer size, PostgreSQL would throw an error, and any page containing that comment would not be viewable. On most Bugzillas, any user can enter a comment on any bug, so any user could have used this to deny access to one or all bugs. Bugzillas running on databases other than PostgreSQL are not affected. CVE-2010-2759
| 