...... Original Message .......
On Thu, 15 Oct 2009 18:50:40 -0000 Michael Terry
<email address hidden> wrote:
>I would sponsor and push this in (thanks for the work Artur), but we're
>past FinalFreeze. Will subscribe motu-release for an exception.
>
>--
>Fix critical security vulnerability (SA-CORE-2009-008)
>https://bugs.launchpad.net/bugs/431080
>You received this bug notification because you are a member of MOTU
>Release Team, which is a direct subscriber.
>
>Status in
drupal5
package in Ubuntu: Fix Released
>Status in
drupal6
package in Ubuntu: New
>Status in drupal5 in Ubuntu Hardy: Incomplete
>Status in drupal6 in Ubuntu Hardy: Invalid
>Status in drupal5 in Ubuntu Intrepid: Incomplete
>Status in drupal6 in Ubuntu Intrepid: Invalid
>Status in drupal5 in Ubuntu Jaunty: Triaged
>Status in drupal6 in Ubuntu Jaunty: Triaged
>Status in drupal5 in Ubuntu Karmic: Fix Released
>Status in drupal6 in Ubuntu Karmic: New
>Status in
drupal5
package in Debian: Fix Released
>Status in
drupal6
package in Debian: Fix Released
>
>Bug description:
>Binary package hint: drupal5
>
>Full details about the security issue addressed by this bugfix are available at http://drupal.org/node/579482 . The release announcement can be found at http://drupal.org/drupal-6.14 .
>
>The vulnerability is:
>* Attacker can fix and reuse a victim's session ID.
>
Universe is not past final freeze. Go ahead.
...... Original Message ....... /bugs.launchpad .net/bugs/ 431080 drupal. org/node/ 579482 . The release announcement can be found at drupal. org/drupal- 6.14 .
On Thu, 15 Oct 2009 18:50:40 -0000 Michael Terry
<email address hidden> wrote:
>I would sponsor and push this in (thanks for the work Artur), but we're
>past FinalFreeze. Will subscribe motu-release for an exception.
>
>--
>Fix critical security vulnerability (SA-CORE-2009-008)
>https:/
>You received this bug notification because you are a member of MOTU
>Release Team, which is a direct subscriber.
>
>Status in
drupal5
package in Ubuntu: Fix Released
>Status in
drupal6
package in Ubuntu: New
>Status in drupal5 in Ubuntu Hardy: Incomplete
>Status in drupal6 in Ubuntu Hardy: Invalid
>Status in drupal5 in Ubuntu Intrepid: Incomplete
>Status in drupal6 in Ubuntu Intrepid: Invalid
>Status in drupal5 in Ubuntu Jaunty: Triaged
>Status in drupal6 in Ubuntu Jaunty: Triaged
>Status in drupal5 in Ubuntu Karmic: Fix Released
>Status in drupal6 in Ubuntu Karmic: New
>Status in
drupal5
package in Debian: Fix Released
>Status in
drupal6
package in Debian: Fix Released
>
>Bug description:
>Binary package hint: drupal5
>
>Full details about the security issue addressed by this bugfix are available at
http://
http://
>
>The vulnerability is:
>* Attacker can fix and reuse a victim's session ID.
>