Drupal has released version 6.11 to correct a cross-site scripting flaw as noted in SA-CORE-2009-005: http://drupal.org/node/449078 . This new version also fixes a very limited information disclosure vulnerability.
A patch to correct the issue is also available: http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-6.10.patch
This has been build for rawhide, 11, 10 and 9, (5.17 for EL-5 and EL-4), tagged for dist-f11. Adding this BZ# to the bodhi updates.
Freeze Exception ticket: https://fedorahosted.org/rel-eng/ticket/1699
drupal-6.11-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
drupal-6.11-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1575 AND CVE-2009-1576 to these vulnerabilities.