Debian
drupal5 package

  1. Bug #431080
  2. Comment #39

Comment 39 for bug 431080

Revision history for this message
Launchpad Janitor (janitor) wrote : Re: Fix critical security vulnerability (SA-CORE-2009-008)

This bug was fixed in the package drupal5 - 5.15-1ubuntu1.1

---------------
drupal5 (5.15-1ubuntu1.1) jaunty-security; urgency=low

  * debian/patches/18_SA-CORE-2009-005.dpatch:
    - Fix cross site scripting, see SA-CORE-2009-005
    - CVE-2009-1576
  * debian/patches/19_SA-CORE-2009-006.dpatch:
    - Fix cross site scripting, see SA-CORE-2009-006
  * debian/patches/20_SA-CORE-2009-007.dpatch:
    - Fix possible password leakage via URLs.
    - CVE-2009-2372
    - CVE-2009-2373
    - CVE-2009-2374
  * debian/patches/21_SA-CORE-2009-008.dpatch:
    - Fix security issues (session fixation),
      see SA-CORE-2009-008 (LP: #431080)

 -- Artur Rona <email address hidden> Sat, 24 Oct 2009 23:32:18 +0200