[aur-general] [arch-general] unrealircd 3.2.8.1-2 contains backdoor
Thomas Bächler
thomas at archlinux.org
Sat Jun 12 19:19:02 EDT 2010
Am 13.06.2010 00:57, schrieb Alexander Duscheleit:
> Hi folks,
>
> the unrealircd version in community (3.2.8.1-2) has been flagged as
> containing a backdoor which allows an attacker to execute commands with
> the privileges of the user running the daemon.
>
> The md5sum in the PKGBUILD (abs) matches the known-bad md5sum from this
> announcement:
> http://sourceforge.net/mailarchive/message.php?msg_name=4C134F7E.202%40vulnscan.org
>
> I've already filed a bug as FS#19780 to the community project, but
> given the severity I thought it would be wise to alert a wider audience.
Maybe you should post to the right list then.
> Greetings,
> Jinks
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/aur-general/attachments/20100613/7f831271/attachment.bin>
More information about the aur-general
mailing list