Debian Security Advisory
DSA-2776-1 drupal6 -- several vulnerabilities
- Date Reported:
- 11 Oct 2013
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-0825, CVE-2012-0826, CVE-2012-5651, CVE-2012-5652, CVE-2012-5653, CVE-2013-0244, CVE-2013-0245.
- More information:
Multiple vulnerabilities have been been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.
For the oldstable distribution (squeeze), these problems have been fixed in version 6.28-1.
For the stable distribution (wheezy), these problems have already been fixed in the drupal7 package.
For the unstable distribution (sid), these problems have already been fixed in the drupal7 package.
We recommend that you upgrade your drupal6 packages.