Red Hat Bugzilla – Bug 498643
CVE-2009-1575, CVE-2009-1576 drupal: multiple vulnerabilities in < 6.11 (SA-CORE-2009-005)
Last modified: 2009-06-16 03:01:19 EDT
Drupal has released version 6.11 to correct a cross-site scripting flaw as noted in SA-CORE-2009-005: http://drupal.org/node/449078 . This new version also fixes a very limited information disclosure vulnerability.
A patch to correct the issue is also available: http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-6.10.patch
This has been built for rawhide, 11, 10 and 9 (5.17 for EL-5 and EL-4), tagged for dist-f11. Adding this BZ# to the bodhi updates.
Freeze Exception ticket:
drupal-6.11-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
drupal-6.11-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Common Vulnerabilities and Exposures assigned the identifiers CVE-2009-1575 and CVE-2009-1576 to these vulnerabilities.