my site is running 2.5+ and i'm trying to patch it for certain issues without going through the upgrade. as i'm sure is no surprise to anyone working in a higher education institution, i am not at liberty to update the core software whenever technical needs might require it; i need to coordinate with the schedule of the academic institution.
specifically, i can see the patches for msa-14-0003 and msa-14-0007 in the git repository. for instance:
and then apply them to the code. but if i want to verify that the fix is working, how can i do this? i can understand why the exploits would not be released "in the wild," but i'm not that wild ... am i?
any suggestions would be appreciated.