Den 2021-03-29 kl. 23:10, skrev Benjamin Morel:
Hi everyone,
Yesterday (2021-03-28) two malicious commits were pushed to the php-src
repo [1] from the names of Rasmus Lerdorf and myself. We don't yet know how
exactly this happened, but everything points towards a compromise of the
git.php.net server (rather than a compromise of an individual git
account).
That is scary. Can you disclose the contents of the commits? Are they
specially designed to open a security hole, or to be harmful in another way?
An article from The Hacker News and a tweet from Zerodium about the
incident:
-https://thehackernews.com/2021/03/phps-git-server-hacked-to-insert-secret.html
-https://twitter.com/cBekrar/status/1376469666084757506
r//Björn L
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php