[Backports-security-announce] Security update for drupal6

2008-12-18T11:22:56
ID DEBIAN:A15A2FFFBB7E14C388DEE0D609074A6A:8C02B
Type debian
Reporter Debian
Modified 2008-12-18T11:22:56

Description

I've uploaded new packages for drupal6 which fix the following security problems:

SA-2008-073: The update system is vulnerable to cross-site request forgery. Malicious users may cause the superuser (user 1) to execute old updates that may damage the database.

For the etch-backports distribution the problems have been fixed in version 6.6-1.1~bpo40+1.

Upgrade instructions

If you don't use pinning (http://backports.org/dokuwiki/doku.php?id=instructions), you have to update the package manually via:

    apt-get -t etch-backports install drupal6

We recommend pinning the backports repository to 200 so that new versions of installed backports will be installed automatically:

    Package: *
    Pin: release a=etch-backports
    Pin-Priority: 200