Comment 0 for bug 431078

Scott Testerman (scott-testerman) wrote :

Binary package hint: drupal6

Drupal 6.14 has been released to fix multiple critical security vulnerabilities, as well as other, smaller issues. No new functionality has been included. Full details about the security issues addressed by this bugfix are available at http://drupal.org/node/579482 . The release announcement can be found at http://drupal.org/drupal-6.14 .

Drupal 6.14 is not yet available upstream for merging.

Vulnerabilities fixed are:
* OpenID association cross site request forgery vulnerability;
* OpenID impersonation vulnerability;
* File upload creates files that are executable by Apache vulnerability.