ftp/proftpd 1.3.3c with a version which contained a backdoor.
Chuck Swiger
cswiger at mac.com
Thu Dec 2 22:01:10 UTC 2010
On Dec 2, 2010, at 1:22 PM, Ivan Klymenko wrote:
> What do you think is it worth to pay attention to these events:
> http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org
>
> and that in this case needs to be done with the port ftp/proftpd itself?
Presumably/hopefully, the proftpd tarball which contained the backdoor would fail to match the distinfo for the port:
SHA256 (proftpd-1.3.3c.tar.bz2) = ea7f02e21f81e6ce79ebde8bbbd334bd269a039ac9137196a35309f791b24db1
SIZE (proftpd-1.3.3c.tar.bz2) = 4166609
Checking, the tarball you now fetch is the one which matches their md5 and GnuPG signing from the link above...
Regards,
--
-Chuck
More information about the freebsd-ports
mailing list