Yeah, dealing with that was basically half my week and I’ll be dealing with it for a while, I’m sure. Patch now! Doesn’t matter what version you’re running (D5, D6, D7, D8), if you haven’t patched since this Wednesday’s release, your site is vulnerable. I won’t talk about the exploit here but I think I have a fairly good grasp of how it works and how it came about.
Also, even if you have patched, know that the downstream effects are likely to result in lots of module updates and core Drupal updates for the next few months.