Multiple vulnerabilities and weaknesses were discovered in Drupal. <6.14 OpenID association cross site request forgeries OpenID impersonation File upload <5.20 Session fixation Reproducible: Didn't try Steps to Reproduce:
Created attachment 205449 [details] Ebuild for drupal-6.14
The security risk is flagged as critical on Drupal Security Advisory : * Advisory ID: DRUPAL-SA-CORE-2009-008 * Project: Drupal core * Version: 5.x, 6.x * Date: 2009-September-16 * Security risk: Critical * Exploitable from: Remote * Vulnerability: Multiple vulnerabilities
both bumped. Thank you guys. package never been stable.
Closing noglsa.