Candidate: CVE-2008-6532
PublicDate: 2009-03-26 21:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6532
 http://drupal.org/node/345441
Description:
 Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.
Ubuntu-Description:
Notes:
 mdeslaur> SA-2008-073
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_drupal5:
upstream_drupal5: released (5.13)
dapper_drupal5: DNE
gutsy_drupal5: needed (reached end-of-life)
hardy_drupal5: released (5.7-1ubuntu1.2)
intrepid_drupal5: released (5.10-1ubuntu1.1)
jaunty_drupal5: not-affected (5.15-1ubuntu1)
karmic_drupal5: not-affected (5.18-1.1ubuntu2)
devel_drupal5: DNE

Patches_drupal6:
upstream_drupal6: released (6.7)
dapper_drupal6: DNE
gutsy_drupal6: DNE
hardy_drupal6: DNE
intrepid_drupal6: DNE
jaunty_drupal6: not-affected (6.10-1)
karmic_drupal6: not-affected (6.12-1)
devel_drupal6: not-affected (6.12-1)