Ubuntu
drupal6 package

  1. Karmic (9.10)
  2. Bug #431080
  3. Comment #0

Comment 0 for bug 431080

Revision history for this message
Scott Testerman (scott-testerman) wrote : Drupal 5.20 released to fix critical security vulnerability

Binary package hint: drupal5

Drupal 5.20 has been released to fix a critical security vulnerability, as well as other, smaller issues. No new functionality has been included. Full details about the security issue addressed by this bugfix are available at http://drupal.org/node/579482 . The release announcement can be found at http://drupal.org/drupal-6.14 .

Drupal 5.19 is not yet available upstream for merging.

The vulnerability is:
* Attacker can fix and reuse a victim's session ID.