[aur-general] acroread package compromised

Eli Schwartz eschwartz at archlinux.org
Sun Jul 8 06:02:08 UTC 2018

On 07/08/2018 01:54 AM, Eli Schwartz wrote:
> On 07/08/2018 01:48 AM, Queen Wenceslas via aur-general wrote:
>> Hi all,
>> The acroread AUR package appears to have been compromised: look at
>> https://aur.archlinux.org/cgit/aur.git/commit/?h=acroread&id=
>> b3fec9f2f16703c2dae9e793f75ad6e0d98509bc
>> (and in particular that curl|bash line!). Not exactly sure who to
>> contact, but I assume someone on this list can get things sorted out.
>> Cheers,
>> qwence
> Account suspended, commit reverted using Trusted User privileges.
> Thanks.

Also fixed two other packages which were maliciously modified the same way.

Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20180708/f43965cf/attachment-0001.asc>

More information about the aur-general mailing list