What did you do to cause this?
I logged out and viewed the user page of a user with access to a restricted project.
What page were you on?
I was on the user page. Example. The "Staff Tracker" and associated tickets are part of a restricted project.
What PHP and MySQL versions do you run?
5.3.3-7+squeeze14, 5.1.66-0+squeeze1
Describe the defect:
Information meant to be private is leaking out through generally public pages. The information should be hidden from the user unless they have access to the group and tickets in question.