[arch-general] php-pear compromised

Andy Pieters arch-general at andypieters.me.uk
Wed Jan 23 21:29:01 UTC 2019


On Wed, Jan 23, 2019 at 10:16 PM ProgAndy <admin at progandy.de> wrote:
> Please read the note in the aur comments.
>
> https://aur.archlinux.org/packages/php-pear/
> Pierre commented on 2019-01-20 08:55
>
> > Warning: The change in checksum was due to a security breach > at
> PEAR. The PEAR installer was tainted:
> > https://mobile.twitter.com/pear/status/1086634503731404800
> >
> > You were affected if you installed php-pear 1:1.10.7-2

I admit the wording of my post can do with improving. My intention was
trying to convey to the arch-general community that php-pear was
compromised and unless people keep up with the tech news, they will
not be going to the AUR website to check on their packages so they
would not know what happened.


More information about the arch-general mailing list