Date:      Mon, 21 Jan 2019 21:23:53 +0100
From:      Remko Lodder <remko@FreeBSD.org>
To:        Stefan Bethke <stb@lassitu.de>
Cc:        freebsd-security@freebsd.org, "ports-secteam@freebsd.org" <ports-secteam@FreeBSD.org>
Subject:   Re: PEAR packages potentially contain malicious code
Message-ID:  <8090C0B2-AF5C-4031-93A5-2F33F28B9959@FreeBSD.org>
In-Reply-To: <442DD3E6-5954-4B5B-808B-A2DFE5D7DE4D@lassitu.de>
References:  <442DD3E6-5954-4B5B-808B-A2DFE5D7DE4D@lassitu.de>

Hi Stefan,

> On 21 Jan 2019, at 21:18, Stefan Bethke <stb@lassitu.de> wrote:
>
> I’ve just learned that the repository for the PHP PEAR set of extensions had their distribution server compromised.
>
> https://twitter.com/pear/status/1086634503731404800
>
> I don’t really work with PHP much apart from installing packages of popular PHP web apps on my servers, so I can’t tell whether this code made it onto machines building from PEAR sources, or even into FreeBSD binary packages of PEAR extensions. Given the large user base for these packages, some advice to FreeBSD users might be well received.

Thank you for sending the heads-up to the FreeBSD users.
I have CC’ed ports-secteam, they will handle with due care when more information is available and they can act upon something.
I have BCC’ed the maintainer for the PHP port(s), but I am not entirely sure whether he maintains all the pear ports as well.

Again, thank you.

Best regards,
Remko
Hat: Security Team

>
> Thanks,
> Stefan
>
> --
> Stefan Bethke <stb@lassitu.de>   Fon +49 151 14070811

