Mailing the story:
Debian: 2776-1: drupal6: Multiple vulnerabilities
Multiple vulnerabilities have been been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.