Date: Mon, 21 Jan 2019 21:18:59 +0100 From: Stefan Bethke <stb@lassitu.de> To: freebsd-security@freebsd.org Subject: PEAR packages potentially contain malicious code Message-ID: <442DD3E6-5954-4B5B-808B-A2DFE5D7DE4D@lassitu.de>
next in thread | raw e-mail | index | archive | help
I=E2=80=99ve just learned that the repository for the PHP PEAR set of = extensions had their distribution server compromised. https://twitter.com/pear/status/1086634503731404800 I don=E2=80=99t really work with PHP much apart from installing packages = of popular PHP web apps on my servers, so I can=E2=80=99t tell whether = this code made it onto machines building from PEAR sources, or even into = FreeBSD binary packages of PEAR extensions. Given the large user base = for these packages, some advice to FreeBSD users might be well received. Thanks, Stefan --=20 Stefan Bethke <stb@lassitu.de> Fon +49 151 14070811
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?442DD3E6-5954-4B5B-808B-A2DFE5D7DE4D>