We have just finished successfully testing the Debian drupal6 6.12-1 package on the 2009.03 release, and have updated our package archive to include it.
Drupal 6.12 is not considered a security release by Debian per say, but does include previous security fixes for a cross-site-script (XSS) vulnerability, as well as other maintenance. Those interested in upgrading should do so manually:
apt-get update apt-get install drupal6
Note: This upgrade requires a database schema update, so after installation, follow the instructions at http://appliance_ip/update.php