Bug#531386: marked as done ([drupal6] SA-CORE-2009-006 - Drupal core - Cross site scripting)

[Debian Bug Tracking System]

Your message dated Fri, 12 Jun 2009 07:54:04 +0000
with message-id <e1mf1ao-0002lo...@ries.debian.org>
and subject line Bug#531386: fixed in drupal6 6.6-3lenny2
has caused the Debian Bug report #531386,
regarding [drupal6] SA-CORE-2009-006 - Drupal core - Cross site scripting
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
531386: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531386
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: drupal6
Severity: normal
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

--- Please enter the report below this line. ---

Hi!

There's a security advisory since 2009-May-13 and yet no update of
Debians source package.

See http://drupal.org/node/461886 for more details.

Luigi, may I ask if you are subscribed to the Drupal Security
Advicesories? I'm getting the impression that you aren't and need to be
bugged about security updates by users. Just wondering if it wouldn't be
more effective for us all when you are subscribed yourself. ;-)

But usually you're responding quick enough to bug reports. So, thanks
anyway for your work! :-)

Regards,
Ingo


--- System information. ---
Architecture: i386
Kernel:       Linux 2.6.26-1-686

Debian Release: squeeze/sid
  500 unstable        www.debian-multimedia.org
  500 unstable        ftp2.de.debian.org

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.




-- 
Ciao...            //      Fon: 0381-2744150
      Ingo       \X/       http://blog.windfluechter.net

gpg pubkey: http://www.juergensmann.de/ij_public_key.asc

--- End Message ---

--- Begin Message ---

Source: drupal6
Source-Version: 6.6-3lenny2

We believe that the bug you reported is fixed in the latest version of
drupal6, which is due to be installed in the Debian FTP archive:

drupal6_6.6-3lenny2.diff.gz
  to pool/main/d/drupal6/drupal6_6.6-3lenny2.diff.gz
drupal6_6.6-3lenny2.dsc
  to pool/main/d/drupal6/drupal6_6.6-3lenny2.dsc
drupal6_6.6-3lenny2_all.deb
  to pool/main/d/drupal6/drupal6_6.6-3lenny2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 531...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated drupal6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 01 Jun 2009 12:46:29 +0000
Source: drupal6
Binary: drupal6
Architecture: source all
Version: 6.6-3lenny2
Distribution: stable-security
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Steffen Joeris <wh...@debian.org>
Description: 
 drupal6    - a fully-featured content management framework
Closes: 529190 531386
Changes: 
 drupal6 (6.6-3lenny2) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix cross-site scripting (XSS) issues (Closes: #529190, #531386)
     Fixes: SA-CORE-2009-006
Checksums-Sha1: 
 9731f9cbed6e4009b817f339cc9ad46577fbe8ea 1132 drupal6_6.6-3lenny2.dsc
 87a63b02d417850a90706e919ad8bdf3e315206c 21561 drupal6_6.6-3lenny2.diff.gz
 615d77e73b5c6a33a1b35f54fcf82009f48a91d0 1088692 drupal6_6.6-3lenny2_all.deb
Checksums-Sha256: 
 8726c3222adc7804670f2c32d49e0bcb2d023c7c6ecd6df2116f485ed948cc8e 1132 
drupal6_6.6-3lenny2.dsc
 d664ef7172be818b539a4e6dd0b9aaa6011ebc173cc95af198d0a2844bfdab4b 21561 
drupal6_6.6-3lenny2.diff.gz
 28d9ea3d1d539f9e546db3cda88af1e7978c6266af76c5371e804ffac2f4d809 1088692 
drupal6_6.6-3lenny2_all.deb
Files: 
 7d8a825a0e670972ab6dd4ee98c341c4 1132 web extra drupal6_6.6-3lenny2.dsc
 55998c89be8cde527e192e57b7c439d5 21561 web extra drupal6_6.6-3lenny2.diff.gz
 fc0fd6e5d35869f6b8bc692fe7183248 1088692 web extra drupal6_6.6-3lenny2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoj2KIACgkQ62zWxYk/rQei7wCgmYDenR12Q5a04XlEtxbjfIzH
O7oAn2WxUZiNq1TzeU9b6xoqdFkCkgj1
=g9Gy
-----END PGP SIGNATURE-----

--- End Message ---