Drupal 6.14 released to fix multiple critical security vulnerabilities
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
drupal6 (Ubuntu) | Incomplete | Undecided | Unassigned |
Jaunty | Incomplete | Undecided | Unassigned |
Karmic | Incomplete | Undecided | Unassigned |
Bug Description
Binary package hint: drupal6
Drupal 6.14 has been released to fix multiple critical security vulnerabilities, as well as other, smaller issues. No new functionality has been included. Full details about the security issues addressed by this bugfix are available at http://
Drupal 6.14 is not yet available upstream for merging.
Vulnerabilities fixed are:
* OpenID association cross site request forgery vulnerability;
* OpenID impersonation vulnerability;
* File upload creates files that are executable by Apache vulnerability.
New upstream (non-Debian) version:
ftp://ftp.
visibility: private → public
Diff attached for Jaunty