Security Information / 2013 / Security Information -- DSA-2776-1 drupal6

Debian Security Advisory

DSA-2776-1 drupal6 -- several vulnerabilities

Date Reported:

11 Oct 2013

Affected Packages:

drupal6

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-0825, CVE-2012-0826, CVE-2012-5651, CVE-2012-5652, CVE-2012-5653, CVE-2013-0244, CVE-2013-0245.

More information:

Multiple vulnerabilities have been been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.

For the oldstable distribution (squeeze), these problems have been fixed in version 6.28-1.

For the stable distribution (wheezy), these problems have already been fixed in the drupal7 package.

For the unstable distribution (sid), these problems have already been fixed in the drupal7 package.

We recommend that you upgrade your drupal6 packages.