Date: Thu, 02 Dec 2010 14:00:46 -0800 From: Chuck Swiger <cswiger@mac.com> To: Ivan Klymenko <fidaj@ukr.net> Cc: freebsd-ports@freebsd.org Subject: Re: ftp/proftpd 1.3.3c with a version which contained a backdoor. Message-ID: <17BFBD62-414E-448B-A3CE-825C9467138E@mac.com> In-Reply-To: <20101202232206.66c672a1@ukr.net> References: <20101202232206.66c672a1@ukr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Dec 2, 2010, at 1:22 PM, Ivan Klymenko wrote: > What do you think is it worth to pay attention to these events: > http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org > > and that in this case needs to be done with the port ftp/proftpd itself? Presumably/hopefully, the proftpd tarball which contained the backdoor would fail to match the distinfo for the port: SHA256 (proftpd-1.3.3c.tar.bz2) = ea7f02e21f81e6ce79ebde8bbbd334bd269a039ac9137196a35309f791b24db1 SIZE (proftpd-1.3.3c.tar.bz2) = 4166609 Checking, the tarball you now fetch is the one which matches their md5 and GnuPG signing from the link above... Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17BFBD62-414E-448B-A3CE-825C9467138E>