ftp/proftpd 1.3.3c with a version which contained a backdoor.

Chuck Swiger cswiger at mac.com
Thu Dec 2 22:01:10 UTC 2010

On Dec 2, 2010, at 1:22 PM, Ivan Klymenko wrote:
> What do you think is it worth to pay attention to these events:
> http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org
> and that in this case needs to be done with the port ftp/proftpd itself?

Presumably/hopefully, the proftpd tarball which contained the backdoor would fail to match the distinfo for the port:

SHA256 (proftpd-1.3.3c.tar.bz2) = ea7f02e21f81e6ce79ebde8bbbd334bd269a039ac9137196a35309f791b24db1
SIZE (proftpd-1.3.3c.tar.bz2) = 4166609

Checking, the tarball you now fetch is the one which matches their md5 and GnuPG signing from the link above...


More information about the freebsd-ports mailing list