On 6/11/26 19:47, Jonathan Grotelüschen wrote:
Hi everyone,

we’re working hard to reset/delete all malicious commits and ban the accounts.

If you find more malicious packages, please **send them as a reply to this email** to keep them all in one thread.

Hi more packages infected with the new bun js-digest attack:

- ruby-oauth
- ruby-activerecord
- ruby-activemodel
- ruby-thread_safe

They all use different AUR accounts which I assume are all malicious as well.

Thanks for cleaning this up!


Thanks!

--
tippfehlr

Cheers,
Mario

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to