drupal-6.30-1.AXS3

Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a website. Tens of thousands of people and organizations have used Drupal to power scores of different web sites, including:
• Community web portals
• Discussion sites
• Corporate web sites
• Intranet applications
• Personal web sites or blogs
• Aficionado sites
• E-commerce applications
• Resource directories
• Social Networking sites

Security issues fixed with this release:

• CVE-2014-1475
The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.

• CVE-2013-6385
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors.

• CVE-2013-6386
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.