Date:      Mon, 21 Jan 2019 21:23:53 +0100
From:      Remko Lodder <remko@FreeBSD.org>
To:        Stefan Bethke <stb@lassitu.de>
Cc:        freebsd-security@freebsd.org, "ports-secteam@freebsd.org" <ports-secteam@FreeBSD.org>
Subject:   Re: PEAR packages potentially contain malicious code
Message-ID:  <8090C0B2-AF5C-4031-93A5-2F33F28B9959@FreeBSD.org>
In-Reply-To: <442DD3E6-5954-4B5B-808B-A2DFE5D7DE4D@lassitu.de>
References:  <442DD3E6-5954-4B5B-808B-A2DFE5D7DE4D@lassitu.de>

Hi Stefan,

> On 21 Jan 2019, at 21:18, Stefan Bethke <stb@lassitu.de> wrote:
> 
> I’ve just learned that the repository for the PHP PEAR set of extensions had their distribution server compromised.
> 
> https://twitter.com/pear/status/1086634503731404800
> 
> I don’t really work with PHP much apart from installing packages of popular PHP web apps on my servers, so I can’t tell whether this code made it onto machines building from PEAR sources, or even into FreeBSD binary packages of PEAR extensions. Given the large user base for these packages, some advice to FreeBSD users might be well received.

Thank you for sending the heads-up to the FreeBSD users.
I have CC’ed ports-secteam; they will handle it with due care when more information is available and they can act upon something.
I have BCC’ed the maintainer for the PHP port(s), but I am not entirely sure whether he maintains all the pear ports as well.

Again, thank you.

Best regards,
Remko
Hat: Security Team

> 
> 
> Thanks,
> Stefan
> 
> --
> Stefan Bethke <stb@lassitu.de>   Fon +49 151 14070811

