[Bug 431080] [NEW] Drupal 5.20 released to fix critical security vulnerability

Scott Testerman t.scott.testerman at gmail.com
Wed Sep 16 23:50:07 UTC 2009


*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: drupal5

Drupal 5.20 has been released to fix a critical security vulnerability,
as well as other, smaller issues. No new functionality has been
included. Full details about the security issue addressed by this bugfix
are available at http://drupal.org/node/579482 . The release
announcement can be found at http://drupal.org/drupal-6.14 .

Drupal 5.19 is not yet available upstream for merging.

The vulnerability is:
* Attacker can fix and reuse a victim's session ID.

** Affects: drupal5 (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
Drupal 5.20 released to fix critical security vulnerability
https://bugs.launchpad.net/bugs/431080
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs




More information about the universe-bugs mailing list