Date: Mon, 21 Jan 2019 21:18:59 +0100 From: Stefan Bethke <stb@lassitu.de> To: freebsd-security@freebsd.org Subject: PEAR packages potentially contain malicious code Message-ID: <442DD3E6-5954-4B5B-808B-A2DFE5D7DE4D@lassitu.de>
next in thread | raw e-mail | index | archive | help
I’ve just learned that the repository for the PHP PEAR set of extensions had their distribution server compromised. https://twitter.com/pear/status/1086634503731404800 I don’t really work with PHP much apart from installing packages of popular PHP web apps on my servers, so I can’t tell whether this code made it onto machines building from PEAR sources, or even into FreeBSD binary packages of PEAR extensions. Given the large user base for these packages, some advice to FreeBSD users might be well received. Thanks, Stefan -- Stefan Bethke <stb@lassitu.de> Fon +49 151 14070811
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?442DD3E6-5954-4B5B-808B-A2DFE5D7DE4D>