ftp/proftpd 1.3.3c with a version which contained a backdoor.

Chuck Swiger cswiger at mac.com
Thu Dec 2 23:56:59 UTC 2010

On Dec 2, 2010, at 2:55 PM, Rob Farmer wrote:
>> Checking, the tarball you now fetch is the one which matches their md5 and GnuPG signing from the link above...
> For several hours on Wednesday the distinfo was updated to the
> compromised version (it has been reverted), so anyone who updated this
> port recently should check their system.

I see-- that's useful information to be aware of.  Hopefully port maintainers practice a bit more wariness about distfiles changing unexpectedly; while it's common enough that people re-roll tarballs for whatever reason, it seems like there have been more incidents of reference sites getting owned...


More information about the freebsd-ports mailing list