Comment 23 for bug 539056

This bug was fixed in the package drupal6 - 6.16-1ubuntu0.1

---------------
drupal6 (6.16-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Multiple vulnerabilities and weaknesses
    (OpenID authentication bypass, file download access bypass,
    comment unpublishing bypass, and actions cross site scripting)
    were discovered in Drupal. (LP: #539056)
    - debian/patches/21_SA-CORE-2010-002.dpatch
    - CVE-2010-3685
    - CVE-2010-3686
    - SA-CORE-2010-002
 -- Artur Rona <email address hidden> Tue, 28 Dec 2010 01:23:57 +0100