*** This bug is a security vulnerability *** Public security bug reported:
According to http://drupal.org/node/1425084 versions of Drupal 6.x < 6.23 contain a Cross Site Request Forgery vulnerability. ** Affects: drupal6 (Ubuntu) Importance: Undecided Status: New ** Affects: drupal6 (Debian) Importance: Unknown Status: Unknown ** Information type changed from Private Security to Public Security ** Bug watch added: Debian Bug tracker #658738 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658738 ** Also affects: drupal6 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658738 Importance: Unknown Status: Unknown ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-0826 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1075466 Title: SA-CORE-2012-001 - Drupal core multiple vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/drupal6/+bug/1075466/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs