Re: [aur-general] [arch-general] unrealircd 3.2.8.1-2 contains backdoor

Am 13.06.2010 00:57, schrieb Alexander Duscheleit:

Hi folks,

the unrealircd version in community (3.2.8.1-2) has been flagged as containing a backdoor which allows an attacker to execute commands with the privileges of the user running the daemon.

The md5sum in the PKGBUILD (abs) matches the known-bad md5sum from this announcement: http://sourceforge.net/mailarchive/message.php?msg_name=4C134F7E.202%40vulns...

I've already filed a bug as FS#19780 to the community project, but given the severity I thought it would be wise to alert a wider audience.

Maybe you should post to the right list then.

Greetings, Jinks