Information on source package drupal6

Available versions

ReleaseVersion
squeeze6.31-1
squeeze (security)6.31-1

Open issues

Bugsqueezesqueeze (security)Description
CVE-2014-9015vulnerablevulnerableDrupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to ...
CVE-2014-5266vulnerablevulnerableThe Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 ...
CVE-2014-5265vulnerablevulnerableThe Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 ...
CVE-2014-5021vulnerablevulnerableCross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x ...
CVE-2014-5019vulnerablevulnerableThe multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 ...

Open unimportant issues

Bugsqueezesqueeze (security)Description
TEMP-0000000-8FB0B7vulnerablevulnerableXSS in drupal 6 calendar field
TEMP-0000000-57BF72vulnerablevulnerableXSS in drupal printing module

Resolved issues

BugDescription
TEMP-0547140-24A459SA-CORE-2009-008
TEMP-0503222-760085local file inclusion in drupal
TEMP-0503222-4ACACFXSS in book module in drupal
TEMP-0000000-FC3A86unspecified multiple Drupal vulnerabilies, likely some overlap with the next temp entry
CVE-2014-9016The password hashing API in Drupal 7.x before 7.34 and the Secure ...
CVE-2014-5022Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal ...
CVE-2014-5020The File module in Drupal 7.x before 7.29 does not properly check ...
CVE-2014-3704The expandArguments function in the database abstraction API in Drupal ...
CVE-2014-2983Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate ...
CVE-2014-1476The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an ...
CVE-2014-1475The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows ...
CVE-2013-6386Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand ...
CVE-2013-6385The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used ...
CVE-2013-1887Multiple cross-site scripting (XSS) vulnerabilities in the Views ...
CVE-2013-0316The Image module in Drupal 7.x before 7.20 allows remote attackers to ...
CVE-2013-0245The printer friendly version functionality in the Book module in ...
CVE-2013-0244Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and ...
CVE-2012-5653The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 ...
CVE-2012-5652Drupal 6.x before 6.27 allows remote attackers to obtain sensitive ...
CVE-2012-5651Drupal 6.x before 6.27 and 7.x before 7.18 displays information for ...
CVE-2012-4554The OpenID module in Drupal 7.x before 7.16 allows remote OpenID ...
CVE-2012-4553Drupal 7.x before 7.16 allows remote attackers to obtain sensitive ...
CVE-2012-0827The File module in Drupal 7.x before 7.11, when using unspecified ...
CVE-2012-0826Cross-site request forgery (CSRF) vulnerability in the Aggregator ...
CVE-2012-0825Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that ...
CVE-2011-2687Drupal 7.x before 7.3 allows remote attackers to bypass intended ...
CVE-2010-3686The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...
CVE-2010-3685The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...
CVE-2010-3094Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x ...
CVE-2010-3093The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 ...
CVE-2010-3092The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does ...
CVE-2010-3091The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...
CVE-2010-2473Blocked user session regeneration
CVE-2010-2472Locale module cross site scripting
CVE-2010-2471Open redirection
CVE-2010-2250Installation cross site scripting
CVE-2009-4371Cross-site scripting (XSS) vulnerability in the Locale module ...
CVE-2009-4370Cross-site scripting (XSS) vulnerability in the Menu module ...
CVE-2009-4369Cross-site scripting (XSS) vulnerability in the Contact module ...
CVE-2009-2374Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize ...
CVE-2009-2373Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...
CVE-2009-2372Drupal 6.x before 6.13 does not prevent users from modifying user ...
CVE-2009-1844Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...
CVE-2009-1576Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before ...
CVE-2009-1575Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and ...
CVE-2009-0382Unspecified vulnerability in Internationalization (i18n) Translation ...
CVE-2008-6533Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related ...
CVE-2008-6532Multiple cross-site request forgery (CSRF) vulnerabilities in the ...
CVE-2008-6171includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, ...
CVE-2008-6170Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and ...
CVE-2008-4793The node module API in Drupal 5.x before 5.11 allows remote attackers ...
CVE-2008-4792The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 ...
CVE-2008-4791The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might ...
CVE-2008-4789The validation functionality in the core upload module in Drupal 6.x ...
CVE-2008-3661Drupal, probably 5.10 and 6.4, does not set the secure flag for the ...

Security announcements

DSA / DLADescription
DSA-2914-1drupal6 - security update
DSA-2851-1drupal6 - impersonation
DSA-2828-1drupal6 - several
DSA-2776-1drupal6 - several
DSA-2113-1drupal6 - several vulnerabilities
DSA-2016-1drupal6 - several vulnerabilities
DSA-1930-1drupal6 - several vulnerabilities
DSA-1808-1drupal6 - insufficient input sanitising
DSA-1792-1drupal6 - multiple vulnerabilities

Search for package or bug name: Reporting problems