Ubuntu
drupal6 package

  1. Bug #539056
  2. Comment #22

Comment 22 for bug 539056

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package drupal6 - 6.12-1.1ubuntu1.2

---------------
drupal6 (6.12-1.1ubuntu1.2) karmic-security; urgency=low

  * SECURITY UPDATE: Multiple vulnerabilities and weaknesses
    (OpenID authentication bypass, file download access bypass,
    comment unpublishing bypass, and actions cross site scripting)
    were discovered in Drupal. (LP: #539056)
    - debian/patches/21_SA-CORE-2010-002.dpatch
    - CVE-2010-3685
    - CVE-2010-3686
    - SA-CORE-2010-002
  * SECURITY UPDATE: Multiple vulnerabilities and weaknesses
    (installation cross site scripting, open redirection, locale
    module cross site scripting and blocked user session regeneration)
    were discovered in Drupal. (LP: #539056)
    - debian/patches/21_SA-CORE-2010-002.dpatch
    - CVE-2010-3091
    - CVE-2010-3092
    - CVE-2010-3093
    - CVE-2010-3094
    - SA-CORE-2010-001
 -- Artur Rona <email address hidden> Tue, 28 Dec 2010 01:56:09 +0100