
Procedure for handling actively exploited security bugs with patches?



A bug in a piece of widely used PHP-based software was announced a few
days ago, and it's now being actively exploited by spammers:

http://wordpress.org/development/2008/02/wordpress-233/

Affected machines include my server, which is running F-8.  Eep.

If a package maintainer doesn't turn a security fix around quickly, is
it reasonable (albeit a bit less than totally polite) to step in and do
the update oneself, assuming the ACLs permit it?

In this case, I found that jwb was already making the necessary edits
just as I was checking the wordpress module out of CVS, which is cool,
but what's the general it's-a-weekend-and-everyone's-gone-skiing practice?

	<b

