This bug was fixed in the package drupal6 - 6.16-1ubuntu0.1
--------------- drupal6 (6.16-1ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: Multiple vulnerabilities and weaknesses (OpenID authentication bypass, file download access bypass, comment unpublishing bypass, and actions cross site scripting) were discovered in Drupal. (LP: #539056) - debian/patches/21_SA-CORE-2010-002.dpatch - CVE-2010-3685 - CVE-2010-3686 - SA-CORE-2010-002 -- Artur Rona <email address hidden> Tue, 28 Dec 2010 01:23:57 +0100
This bug was fixed in the package drupal6 - 6.16-1ubuntu0.1
---------------
drupal6 (6.16-1ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: Multiple vulnerabilities and weaknesses patches/ 21_SA-CORE- 2010-002. dpatch
(OpenID authentication bypass, file download access bypass,
comment unpublishing bypass, and actions cross site scripting)
were discovered in Drupal. (LP: #539056)
- debian/
- CVE-2010-3685
- CVE-2010-3686
- SA-CORE-2010-002
-- Artur Rona <email address hidden> Tue, 28 Dec 2010 01:23:57 +0100