This bug was fixed in the package drupal6 - 6.12-1.1ubuntu1.2
--------------- drupal6 (6.12-1.1ubuntu1.2) karmic-security; urgency=low
* SECURITY UPDATE: Multiple vulnerabilities and weaknesses (OpenID authentication bypass, file download access bypass, comment unpublishing bypass, and actions cross site scripting) were discovered in Drupal. (LP: #539056) - debian/patches/21_SA-CORE-2010-002.dpatch - CVE-2010-3685 - CVE-2010-3686 - SA-CORE-2010-002 * SECURITY UPDATE: Multiple vulnerabilities and weaknesses (installation cross site scripting, open redirection, locale module cross site scripting and blocked user session regeneration) were discovered in Drupal. (LP: #539056) - debian/patches/21_SA-CORE-2010-002.dpatch - CVE-2010-3091 - CVE-2010-3092 - CVE-2010-3093 - CVE-2010-3094 - SA-CORE-2010-001 -- Artur Rona <email address hidden> Tue, 28 Dec 2010 01:56:09 +0100
This bug was fixed in the package drupal6 - 6.12-1.1ubuntu1.2
---------------
drupal6 (6.12-1.1ubuntu1.2) karmic-security; urgency=low
* SECURITY UPDATE: Multiple vulnerabilities and weaknesses patches/ 21_SA-CORE- 2010-002. dpatch patches/ 21_SA-CORE- 2010-002. dpatch
(OpenID authentication bypass, file download access bypass,
comment unpublishing bypass, and actions cross site scripting)
were discovered in Drupal. (LP: #539056)
- debian/
- CVE-2010-3685
- CVE-2010-3686
- SA-CORE-2010-002
* SECURITY UPDATE: Multiple vulnerabilities and weaknesses
(installation cross site scripting, open redirection, locale
module cross site scripting and blocked user session regeneration)
were discovered in Drupal. (LP: #539056)
- debian/
- CVE-2010-3091
- CVE-2010-3092
- CVE-2010-3093
- CVE-2010-3094
- SA-CORE-2010-001
-- Artur Rona <email address hidden> Tue, 28 Dec 2010 01:56:09 +0100