ftp/proftpd 1.3.3c with a version which contained a backdoor.

Ade Lovett ade at FreeBSD.org
Fri Dec 3 05:50:52 UTC 2010


On Dec 02, 2010, at 17:56 , Chuck Swiger wrote:
> On Dec 2, 2010, at 2:55 PM, Rob Farmer wrote:
>> 
>> For several hours on Wednesday the distinfo was updated to the
>> compromised version (it has been reverted), so anyone who updated this
>> port recently should check their system.
> 
> I see-- that's useful information to be aware of.  Hopefully port maintainers practice a bit more wariness about distfiles changing unexpectedly; while it's common enough that people re-roll tarballs for whatever reason, it seems like there have been more incidents of reference sites getting owned...

If y'all are _absolutely_ certain that the current distfile is correct and not compromised then I would _strongly_ recommend that you bump PORTREVISION to make it absolutely obvious that folks see this.

-aDe
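
An added example, not part of the thread or of the ports tree: a Python check of a cached distfile against a port's distinfo. It shows that a tree updated while distinfo carried the compromised checksums still accepts the tampered file, while the reverted distinfo rejects it. The distfile name and all sample bytes and digests are constructed for illustration.

```python
import hashlib
import re

# distinfo lines look like "SHA256 (name) = hex" and "SIZE (name) = bytes".
_ENTRY = re.compile(r"^(?P<kind>SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")


def parse_distinfo(text):
    """Return {distfile name: {"SHA256": hex, "SIZE": int}}."""
    entries = {}
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue  # other line types (e.g. MD5) are not used here
        value = int(m["value"]) if m["kind"] == "SIZE" else m["value"].lower()
        entries.setdefault(m["name"], {})[m["kind"]] = value
    return entries


def check_distfile(name, data, distinfo_text):
    """Return a list of mismatches between the bytes and the distinfo entry."""
    want = parse_distinfo(distinfo_text).get(name)
    if not want or "SHA256" not in want:
        return ["no SHA256 entry"]
    problems = []
    if "SIZE" in want and want["SIZE"] != len(data):
        problems.append("size mismatch")
    if hashlib.sha256(data).hexdigest() != want["SHA256"]:
        problems.append("sha256 mismatch")
    return problems


def make_distinfo(name, data):
    """Build distinfo text for constructed sample bytes."""
    digest = hashlib.sha256(data).hexdigest()
    return f"SHA256 ({name}) = {digest}\nSIZE ({name}) = {len(data)}\n"


# Constructed sample data: stand-in bytes, not real tarballs or real hashes.
NAME = "proftpd-1.3.3c.tar.bz2"  # assumed distfile name
GENUINE = b"constructed stand-in for the genuine tarball\n"
TAMPERED = b"constructed stand-in for the tampered tarball\n"
DISTINFO_WINDOW = make_distinfo(NAME, TAMPERED)    # tree updated during the window
DISTINFO_REVERTED = make_distinfo(NAME, GENUINE)   # tree after the revert

if __name__ == "__main__":
    print("window  :", check_distfile(NAME, TAMPERED, DISTINFO_WINDOW))
    print("reverted:", check_distfile(NAME, TAMPERED, DISTINFO_REVERTED))
    print("genuine :", check_distfile(NAME, GENUINE, DISTINFO_REVERTED))
```

A clean result only means the file matches the distinfo it was compared with, so the comparison has to be made against a distinfo from after the revert.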


