Comment 38 for bug 431080

Revision history for this message
Launchpad Janitor (janitor) wrote : Re: Fix critical security vulnerability (SA-CORE-2009-008)

This bug was fixed in the package drupal6 - 6.10-1ubuntu0.1

---------------
drupal6 (6.10-1ubuntu0.1) jaunty-security; urgency=low

  * debian/patches/18_SA-CORE-2009-005.dpatch:
    - Fix cross site scripting, see SA-CORE-2009-005
    - CVE-2009-1576
  * debian/patches/19_SA-CORE-2009-006.dpatch:
    - Fix cross site scripting, see SA-CORE-2009-006
  * debian/patches/20_SA-CORE-2009-007.dpatch:
    - Fix possible password leakage via URLs.
    - CVE-2009-2372
    - CVE-2009-2373
    - CVE-2009-2374
  * debian/patches/21_SA-CORE-2009-008.dpatch:
    - Fix security issues (session fixation),
      see SA-CORE-2009-008 (LP: #431080)

 -- Artur Rona <email address hidden> Sun, 25 Oct 2009 16:19:12 +0100