There is a whole new wave of PKGBUILD being adopted with probably malicious command added. This time using a tool called "bun".

I have been asked to relay this:

From    Thorsten Wißmann <[email protected]>
To      Marcin Wieczorek <[email protected]>
Date    Today 15:54

Dear Marcin,

I saw that you were active on the AUR mailing list. Since I'm not
subscribed, can you report another malicious user for me?

    Malicious User: https://aur.archlinux.org/account/veramagalhaes
Example change, impersonating me: https://aur.archlinux.org/cgit/aur.git/commit/?h=nodejs-elm&id=4d20101aa40a868a219eabb9d899bf34533c5b59

Best,
Thorsten

Reply via email to