3 files changed, 6 insertions, 2 deletions

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 814adba801b4..ce78b018317e 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,4 +1,8 @@
 
+Drupal 6.34, 2014-11-19
+----------------------
+- Fixed security issues (session hijacking). See SA-CORE-2014-006.
+
 Drupal 6.33, 2014-08-06
 ----------------------
 - Fixed security issues (denial of service). See SA-CORE-2014-004.
diff --git a/includes/session.inc b/includes/session.inc
index 9f671b3a5a32..540b8d973b49 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -41,7 +41,7 @@ function sess_read($key) {
   register_shutdown_function('session_write_close');
 
   // Handle the case of first time visitors and clients that don't store cookies (eg. web crawlers).
-  if (!isset($_COOKIE[session_name()])) {
+  if (empty($key) || !isset($_COOKIE[session_name()])) {
     $user = drupal_anonymous_user();
     return '';
   }
diff --git a/modules/system/system.module b/modules/system/system.module
index 9e852c21fb37..4f61ce1dceb2 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -8,7 +8,7 @@
 /**
  * The current system version.
  */
-define('VERSION', '6.33');
+define('VERSION', '6.34');
 
 /**
  * Core API compatibility.