Debian Security Advisory 2828-1 http://packetstormsecurity.com/files/124615/dsa-2828-1.txt
Debian Linux Security Advisory 2828-1 - Multiple vulnerabilities have been discovered in Drupal, a fully-featured request forgery protection, insecure pseudo random number generation, code execution and incorrect security token validation.