This account was created June 11th using a bogus Gmail address, and took
ownership of both vbam-git, and mingw-w64-geos. At the time of writing,
there do not appear to be any malicious commits (I have a local copy of
vbam-git's PKGBUILD, which was not updated yesterday when doing a git
pull), but since this attack has been done in waves, it's possible these
were being reserved for a third, especially since the account was created
after previous waves.

Account: https://aur.archlinux.org/account/ivonahruskova
Packages: https://aur.archlinux.org/packages?K=ivonahruskova&SeB=m

Reply via email to