Debian Linux Security Advisory 1913-1 – Max Kanat-Alexander, Bradley Baetz, and Frederic Buclin discovered an SQL injection vulnerability in the Bug.create WebService function in Bugzilla, a web-based bug tracking system, which allows remote attackers to execute arbitrary SQL commands.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/82056/dsa-1913-1.txt
Source: https://packetstormsecurity.com/files/82056/Debian-Linux-Security-Advisory-1913-1.html