[arch-general] unrealircd 3.2.8.1-2 contains backdoor
Alexander Duscheleit
jinks at archlinux.us
Sat Jun 12 18:57:38 EDT 2010
Hi folks,
the unrealircd version in community (3.2.8.1-2) has been flagged as
containing a backdoor which allows an attacker to execute commands with
the privileges of the user running the daemon.
The md5sum in the PKGBUILD (abs) matches the known-bad md5sum from this
announcement:
http://sourceforge.net/mailarchive/message.php?msg_name=4C134F7E.202%40vulnscan.org
I've already filed a bug as FS#19780 to the community project, but
given the severity I thought it would be wise to alert a wider audience.
Greetings,
Jinks
More information about the arch-general
mailing list