Procedure for handling actively exploited security bugs with patches?

Bryan O'Sullivan bos at serpentine.com
Sat Feb 9 05:16:05 UTC 2008


A bug in a piece of widely used PHP-based software was announced a few
days ago, and it's now being actively exploited by spammers:

http://wordpress.org/development/2008/02/wordpress-233/

Affected machines include my server, which is running F-8.  Eep.

If a package maintainer doesn't turn a security fix around quickly, is
it reasonable (albeit a bit less than totally polite) to step in and do
the update oneself, assuming the ACLs permit it?

In this case, I found that jwb was already making the necessary edits
just as I was checking the wordpress module out of CVS, which is cool,
but what's the general it's-a-weekend-and-everyone's-gone-skiing practice?

	<b

More information about the fedora-devel-list mailing list