Debian Bug report logs - #547140
drupal6: SA-CORE-2009-008 - Drupal core - Multiple vulnerabilities

version graph

Package: drupal6; Maintainer for drupal6 is Luigi Gangitano <>;

Reported by: Ingo Juergensmann <>

Date: Thu, 17 Sep 2009 07:45:01 UTC

Severity: normal

Fixed in version drupal6/6.14-1

Done: Luigi Gangitano <>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to, Luigi Gangitano <>:
Bug#547140; Package drupal6. (Thu, 17 Sep 2009 07:45:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ingo Juergensmann <>:
New Bug report received and forwarded. Copy sent to Luigi Gangitano <>. (Thu, 17 Sep 2009 07:45:04 GMT) Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Ingo Juergensmann <>
To: Debian Bug Tracking System <>
Subject: drupal6: SA-CORE-2009-008 - Drupal core - Multiple vulnerabilities
Date: Thu, 17 Sep 2009 09:43:49 +0200
Package: drupal6
Severity: normal


Please take care to upload Drupal 6.14 as it fixes some OpenID
vulnerabilities and weaknesses mentioned in Drupal SA-CORE-2009-008 (see for more details). 
The Drupal SA report mentions Drupal5 as well. 


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Reply sent to Luigi Gangitano <>:
You have taken responsibility. (Sun, 20 Sep 2009 04:15:23 GMT) Full text and rfc822 format available.

Notification sent to Ingo Juergensmann <>:
Bug acknowledged by developer. (Sun, 20 Sep 2009 04:15:23 GMT) Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: Luigi Gangitano <>
Subject: Bug#547140: fixed in drupal6 6.14-1
Date: Sun, 20 Sep 2009 04:02:44 +0000
Source: drupal6
Source-Version: 6.14-1

We believe that the bug you reported is fixed in the latest version of
drupal6, which is due to be installed in the Debian FTP archive:

  to pool/main/d/drupal6/drupal6_6.14-1.diff.gz
  to pool/main/d/drupal6/drupal6_6.14-1.dsc
  to pool/main/d/drupal6/drupal6_6.14-1_all.deb
  to pool/main/d/drupal6/drupal6_6.14.orig.tar.gz

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Luigi Gangitano <> (supplier of updated drupal6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA1

Format: 1.8
Date: Sun, 20 Sep 2009 04:57:57 +0200
Source: drupal6
Binary: drupal6
Architecture: source all
Version: 6.14-1
Distribution: unstable
Urgency: low
Maintainer: Luigi Gangitano <>
Changed-By: Luigi Gangitano <>
 drupal6    - a fully-featured content management framework
Closes: 547140
 drupal6 (6.14-1) unstable; urgency=low
   * New upstream release
     - Removed security patches integrate upstream
       + 20_SA-CORE-2009-007
     - Fixes multiple vulnerabilities (Ref: SA-CORE-2009-008)
       (Closes: #547140)
   * debian/control
     - Bumped Standard-Version to 3.8.3, no change needed
   * debian/compat
     - Switch debhelper compatibility to 7
   * debian/copyright
     - Added reference to copyright file with version
 2b5a3f3862c1a4ab9f76d4cf2740b1e906f9320b 1113 drupal6_6.14-1.dsc
 25d4249e91bb04041e3185be8bf79785f9d91811 1082687 drupal6_6.14.orig.tar.gz
 138c063ba3285aa16c323f978527333358c0e011 16615 drupal6_6.14-1.diff.gz
 eebd8f005fdce9c7941810401ded195845b08d20 1115188 drupal6_6.14-1_all.deb
 21b4067f34bccf9b732361c8fded87b7d2e149be747dc4a3415ec76445ef7c1b 1113 drupal6_6.14-1.dsc
 b534244b8e5b26ab6642d9909d5f7661b7c44e029ff8a87bd41afa7e15bde0b5 1082687 drupal6_6.14.orig.tar.gz
 dd8d31f9386cd0a6302097092d847c8698cfc1eb9019a3e47ef9b394e7e0fd88 16615 drupal6_6.14-1.diff.gz
 e0cab089cdc986a31c711cbafc0f85259a806655a4a50a7a154bbf6f30229d0c 1115188 drupal6_6.14-1_all.deb
 f190b1f0eef1e455e9dcc809fba3b889 1113 web extra drupal6_6.14-1.dsc
 014bb453a8d0adb0233c763e40d63859 1082687 web extra drupal6_6.14.orig.tar.gz
 8bb036cd30757d2cee0f03ee0d0b7c52 16615 web extra drupal6_6.14-1.diff.gz
 ccd0ed9aaca4a17c2d6be8806fa45028 1115188 web extra drupal6_6.14-1_all.deb

Version: GnuPG v1.4.10 (Darwin)


Bug archived. Request was from Debbugs Internal Request <> to (Wed, 28 Oct 2009 07:34:29 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Fri Apr 18 14:20:45 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.