diff -u drupal6-6.12/debian/changelog drupal6-6.12/debian/changelog
--- drupal6-6.12/debian/changelog
+++ drupal6-6.12/debian/changelog
@@ -1,3 +1,14 @@
+drupal6 (6.12-1.1ubuntu1.1) karmic-security; urgency=low
+
+ * debian/patches/22_SA-CORE-2009-009.dpatch:
+ - SECURITY UPDATE due to multiple vulnerabilities
+ and weaknesses were discovered in Drupal (LP: #510421)
+ - CVE-2009-4369
+ - CVE-2009-4370
+ - CVE-2009-4371
+
+ -- Artur Rona Mon, 22 Feb 2010 00:13:26 +0100
+
 drupal6 (6.12-1.1ubuntu1) karmic; urgency=high
 * debian/patches/21_SA-CORE-2009-008.dpatch:
diff -u drupal6-6.12/debian/patches/00list drupal6-6.12/debian/patches/00list
--- drupal6-6.12/debian/patches/00list
+++ drupal6-6.12/debian/patches/00list
@@ -3,0 +4 @@
+22_SA-CORE-2009-009
only in patch2:
unchanged:
--- drupal6-6.12.orig/debian/patches/22_SA-CORE-2009-009.dpatch
+++ drupal6-6.12/debian/patches/22_SA-CORE-2009-009.dpatch
@@ -0,0 +1,35 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 22_SA-CORE-2009-009.dpatch by Artur Rona
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix a critical security vulnerability.
+##
+## Ubuntu: https://bugs.launchpad.net/bugs/510421
+## Upstream: http://drupal.org/node/661586
+## Patch: http://drupal.org/files/sa-core-2009-009/SA-CORE-2009-009-6.14.patch
+
+@DPATCH@
+
+diff -pruN -x '*~' drupal-6.10.orig/modules/contact/contact.admin.inc drupal-6.10/modules/contact/contact.admin.inc
+--- drupal-6.10.orig/modules/contact/contact.admin.inc 2007-11-09 08:55:13.000000000 +0100
++++ drupal-6.10/modules/contact/contact.admin.inc 2010-02-21 23:11:37.000000000 +0100
+@@ -13,7 +13,7 @@ function contact_admin_categories() {
+ $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category');
+ $rows = array();
+ while ($category = db_fetch_object($result)) {
+- $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
++ $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
+ }
+ $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2));
+
+diff -pruN -x '*~' drupal-6.10.orig/modules/menu/menu.admin.inc drupal-6.10/modules/menu/menu.admin.inc
+--- drupal-6.10.orig/modules/menu/menu.admin.inc 2009-02-25 14:15:40.000000000 +0100
++++ drupal-6.10/modules/menu/menu.admin.inc 2010-02-21 23:12:42.000000000 +0100
+@@ -15,6 +15,7 @@ function menu_overview_page() {
+ while ($menu = db_fetch_array($result)) {
+ $menu['href'] = 'admin/build/menu-customize/'. 
$menu['menu_name'];
+ $menu['localized_options'] = array();
++ $menu['description'] = filter_xss_admin($menu['description']);
+ $content[] = $menu;
+ }
+ return theme('admin_block_content', $content);
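Review bot: The `## DP:` description in the dpatch header says `Fix a critical security vulnerability.` (singular), while the changelog credits this one patch with three ids (CVE-2009-4369, CVE-2009-4370, CVE-2009-4371) and the patch body touches only two output sites, `check_plain()` on the contact category/recipients columns and `filter_xss_admin()` on the menu description; whether all three ids are covered by those two changes cannot be told from this diff, so it is worth checking against the upstream SA-CORE-2009-009-6.14.patch linked in the header that nothing was dropped when the hunks were re-based onto the `drupal-6.10` paths. Either way the header should name what it fixes, e.g. `## DP: SA-CORE-2009-009: escape contact category/recipients (check_plain) and menu description (filter_xss_admin) in admin listings; CVE-2009-4369 CVE-2009-4370 CVE-2009-4371`. Both inner hunks show only a window of `contact_admin_categories()` and `menu_overview_page()`, which start or continue outside the hunk.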