Package: drupal6 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for drupal6.
CVE-2008-3661[0]: | Drupal, probably 5.10 and 6.4, does not set the secure flag for the | session cookie in an https session, which can cause the cookie to be | sent in http requests and make it easier for remote attackers to | capture this cookie. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3661 http://security-tracker.debian.net/tracker/CVE-2008-3661 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgprjfMXIsjzD.pgp
Description: PGP signature
