awiedman Posted December 7, 2009 Share Posted December 7, 2009 http://seclists.org/bugtraq/2009/Dec/46 How long till a patch is released? Link to comment Share on other sites More sharing options...
bgk Posted December 7, 2009 Share Posted December 7, 2009 http://community.invisionpower.com/topic/299835-turn-around-time-on-published-exploits/ Summary: Will be addressed in 3.0.5 to be released this week! Link to comment Share on other sites More sharing options...
bfarber Posted December 7, 2009 Share Posted December 7, 2009 The advisory of course sounds scary, but realistically both issues are relatively mitigated already. The SQL injection requires a moderator account (or above) to perform, and the local file inclusion requires that a malicious script has already been uploaded to your server. We have been verifying the patches over the weekend and they've proved stable. We decided to simply roll them into 3.0.5 and release 3.0.5 this week, instead of making a separate release for the patches this week. Link to comment Share on other sites More sharing options...
envonge Posted December 8, 2009 Share Posted December 8, 2009 The advisory of course sounds scary, but realistically both issues are relatively mitigated already. The SQL injection requires a moderator account (or above) to perform, and the local file inclusion requires that a malicious script has already been uploaded to your server. We have been verifying the patches over the weekend and they've proved stable. We decided to simply roll them into 3.0.5 and release 3.0.5 this week, instead of making a separate release for the patches this week. Is there going to be something released for 2.3.6 too? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.