[arch-general] php-pear compromised
ProgAndy
admin at progandy.de
Wed Jan 23 21:16:14 UTC 2019
Am 23.01.19 um 22:08 schrieb Andy Pieters:
> Any of you seen the news about php-pear?
>
> There's an AUR package that downloads from pear.php.net so if that was
> within the last 6 months it could have been the compromised one?
>
> https://thehackernews.com/2019/01/php-pear-hacked.html
>
Please read the note in the aur comments.
https://aur.archlinux.org/packages/php-pear/
Pierre commented on 2019-01-20 08:55
> Warning: The change in checksum was due to a security breach > at
PEAR. The PEAR installer was tainted:
> https://mobile.twitter.com/pear/status/1086634503731404800
>
> You were affected if you installed php-pear 1:1.10.7-2
More information about the arch-general
mailing list