Procedure for handling actively exploited security bugs with patches?
Bryan O'Sullivan
bos at serpentine.com
Sat Feb 9 05:16:05 UTC 2008

A bug in a piece of widely used PHP-based software was announced a few
days ago, and it's now being actively exploited by spammers:

http://wordpress.org/development/2008/02/wordpress-233/

Affected machines include my server, which is running F-8. Eep.

If a package maintainer doesn't turn a security fix around quickly, is
it reasonable (albeit a bit less than totally polite) to step in and do
the update oneself, assuming the ACLs permit it?

In this case, I found that jwb was already making the necessary edits
just as I was checking the wordpress module out of CVS, which is cool,
but what's the general it's-a-weekend-and-everyone's-gone-skiing practice?
<b