ftp/proftpd 1.3.3c with a version which contained a backdoor.

Chuck Swiger cswiger at mac.com
Thu Dec 2 23:56:59 UTC 2010


On Dec 2, 2010, at 2:55 PM, Rob Farmer wrote:
>> Checking, the tarball you now fetch is the one which matches their md5 and GnuPG signing from the link above...
> 
> For several hours on Wednesday the distinfo was updated to the
> compromised version (it has been reverted), so anyone who updated this
> port recently should check their system.

I see-- that's useful information to be aware of.  Hopefully port maintainers practice a bit more wariness about distfiles changing unexpectedly; while it's common enough that people re-roll tarballs for whatever reason, it seems like there have been more incidents of reference sites getting owned...

Regards,
-- 
-Chuck


