We have just finished successfully testing the Debian drupal6 6.11-1 package on the 2009.03 release, and have updated our package archive to include it.
Drupal 6.11 is not considered a security release by Debian, but does fix a cross-site-script (XSS) vulnerability, as well as other maintenance and performance issues. Those interested in upgrading should do so manually:
apt-get update apt-get install drupal6
Note: This upgrade requires a database schema update, so after installation, follow the instructions at http://appliance_ip/update.php