SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities

http://drupal.org/node/731710

Multiple vulnerabilities in Drupal 6.x before version 6.16 and Drupal
5.x before version 5.22 have been fixed in the latest release. These
vulnerabilities include:

* Installation cross site scripting
* Open redirection
* Locale module cross site scripting
* Blocked user session regeneration

Priority 4: This vulnerability has a lower probability of exploitation,
but should still be mitigated.

Severity 3: This vulnerability poses high risk within a group/school. It
does not pose a risk of contaminating other groups/schools.

This article also has the following advice:

"Drupal 5 will no longer be maintained when Drupal 7 is released.
Upgrading to Drupal 6 is recommended."

It is recommended that these versions of Drupal be scheduled for patching.

Thanks,
ep