I've uploaded a new packages for drupal6 which fixed the following security problems:
SA-2008-073: The update system is vulnerable to Cross site request forgeries. Malicious users may cause the superuser (user 1) to execute old updates that may damage the database.
For the etch-backports distribution the problems have been fixed in version 6.6-1.1~bpo40+1.
If you don't use pinning (http://backports.org/dokuwiki/doku.php?id=instructions) you have to update the package manually via apt-get -t etch-backports install drupal6.
We recommend to pin the backports repository to 200 so that new version of installed backports will be installed automatically.
Package: * Pin: release a=etch-backports Pin-Priority: 200