The packagedb package-bug-list was showing the summaries for bugs marked security sensitive. This is not desirable.
For now, I've applied a hotfix to pkgdb/lib/utils.py and pkgdb/bugs.py that doesn't show security bugs at all. These are checked into the hotfix module on puppet01 and applied to the app servers and app.stg servers. I'll need to look into a better fix on Monday that allows us to list the bugs but just not their summaries.
As far as I can see, this has not been commited upstream.
I looked at this with threebean and tibbs last month (when getting pkgdb functionality into packages.fp.o) It looked like the RH bugzilla people removed the permissions on the Fedora xmlrpc account so that it can no longer see security bugs.
Probably not the way this should be implenmented as it means security bugs will go unnoticed by some maintainers but at this point it's out of our hands.
Closing ticket and we won't need the hotfix since the account permissions don't allow us to see these bugs at all.
Login to comment on this ticket.