[Bug 431078] [NEW] Drupal 6.14 released to fix multiple critical security vulnerabilities
Scott Testerman
t.scott.testerman at gmail.com
Wed Sep 16 23:42:48 UTC 2009
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: drupal6
Drupal 6.14 has been released to fix multiple critical security
vulnerabilities, as well as other, smaller issues. No new functionality
has been included. Full details about the security issues addressed by
this bugfix are available at http://drupal.org/node/579482 . The release
announcement can be found at http://drupal.org/drupal-6.14 .
Drupal 6.14 is not yet available upstream for merging.
Vulnerabilities fixed are:
* OpenID association cross site request forgery vulnerability;
* OpenID impersonation vulnerability;
* File upload creates files that are executable by Apache vulnerability.
** Affects: drupal6 (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
Drupal 6.14 released to fix multiple critical security vulnerabilities
https://bugs.launchpad.net/bugs/431078
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list