ftp/proftpd 1.3.3c with a version which contained a backdoor.

Ade Lovett ade at FreeBSD.org
Fri Dec 3 05:50:52 UTC 2010

On Dec 02, 2010, at 17:56 , Chuck Swiger wrote:
> On Dec 2, 2010, at 2:55 PM, Rob Farmer wrote:
>> For several hours on Wednesday the distinfo was updated to the
>> compromised version (it has been reverted), so anyone who updated this
>> port recently should check their system.
> I see-- that's useful information to be aware of.  Hopefully port maintainers practice a bit more wariness about distfiles changing unexpectedly; while it's common enough that people re-roll tarballs for whatever reason, it seems like there have been more incidents of reference sites getting owned...

If ya'll are _absolutely_ certain that the current distfile is correct and not compromised then I would _strongly_ recommend that you bump PORTREVISION to make it absolutely obvious that folks see this.


More information about the freebsd-ports mailing list