I've uploaded a new packages for drupal6 which fixed the following security problems: SA-2008-073: The update system is vulnerable to Cross site request forgeries. Malicious users may cause the superuser (user 1) to execute old updates that may damage the database. For the etch-backports distribution the problems have been fixed in version 6.6-1.1~bpo40+1. Upgrade instructions -------------------- If you don't use pinning (http://backports.org/dokuwiki/doku.php?id=instructions) you have to update the package manually via apt-get -t etch-backports install drupal6. We recommend to pin the backports repository to 200 so that new version of installed backports will be installed automatically. Package: * Pin: release a=etch-backports Pin-Priority: 200
Attachment:
signature.asc
Description: Digital signature