[Bug 431080] Re: Drupal 5.20 released to fix critical security vulnerability

[Artur Rona]

** Also affects: drupal6 (Ubuntu)
   Importance: Undecided
       Status: New

** Summary changed:

- Drupal 5.20 released to fix critical security vulnerability
+ Fix critical security vulnerability (SA-CORE-2009-008)

** Changed in: drupal6 (Ubuntu Karmic)
       Status: New => In Progress

** Changed in: drupal6 (Ubuntu Karmic)
     Assignee: (unassigned) => Artur Rona (ari-tczew)

** Changed in: drupal6 (Ubuntu Jaunty)
       Status: New => In Progress

** Changed in: drupal6 (Ubuntu Jaunty)
     Assignee: (unassigned) => Artur Rona (ari-tczew)

** Description changed:

  Binary package hint: drupal5
  
- Drupal 5.20 has been released to fix a critical security vulnerability,
- as well as other, smaller issues. No new functionality has been
- included. Full details about the security issue addressed by this bugfix
- are available at http://drupal.org/node/579482 . The release
- announcement can be found at http://drupal.org/drupal-6.14 .
- 
- Drupal 5.19 is not yet available upstream for merging.
+ Full details about the security issue addressed by this bugfix are
+ available at http://drupal.org/node/579482 . The release announcement
+ can be found at http://drupal.org/drupal-6.14 .
  
  The vulnerability is:
  * Attacker can fix and reuse a victim's session ID.
- 
- New upstream (non-Debian) source:
- ftp://ftp.osuosl.org/pub/drupal/files/projects/drupal-5.20.tar.gz

-- 
Fix critical security vulnerability (SA-CORE-2009-008)
https://bugs.launchpad.net/bugs/431080
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.