This bug was fixed in the package drupal6 - 6.12-1.1ubuntu1.2
---------------
drupal6 (6.12-1.1ubuntu1.2) karmic-security; urgency=low
* SECURITY UPDATE: Multiple vulnerabilities and weaknesses
(OpenID authentication bypass, file download access bypass,
comment unpublishing bypass, and actions cross site scripting)
were discovered in Drupal. (LP: #539056)
- debian/patches/21_SA-CORE-2010-002.dpatch
- CVE-2010-3685
- CVE-2010-3686
- SA-CORE-2010-002
* SECURITY UPDATE: Multiple vulnerabilities and weaknesses
(installation cross site scripting, open redirection, locale
module cross site scripting and blocked user session regeneration)
were discovered in Drupal. (LP: #539056)
- debian/patches/21_SA-CORE-2010-002.dpatch
- CVE-2010-3091
- CVE-2010-3092
- CVE-2010-3093
- CVE-2010-3094
- SA-CORE-2010-001
-- Artur Rona <[email protected]> Tue, 28 Dec 2010 01:56:09 +0100
** Changed in: drupal6 (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/539056
Title:
backport security fixes from 6.19 and 5.23
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
