Hi Stefan, > On 21 Jan 2019, at 21:18, Stefan Bethke <[email protected]> wrote: > > I’ve just learned that the repository for the PHP PEAR set of extensions had > their distribution server compromised. > > https://twitter.com/pear/status/1086634503731404800 > > I don’t really work with PHP much apart from installing packages of popular > PHP web apps on my servers, so I can’t tell whether this code made it onto > machines building from PEAR sources, or even into FreeBSD binary packages of > PEAR extensions. Given the large user base for these packages, some advice to > FreeBSD users might be well received.
Thank you for sending the headsup to the FreeBSD users. I have CC’ed ports-secteam, they will handle with due care when more information is available and they can act upon something. I have BCC’ed the maintainer for the PHP port(s), but I am not entirely sure whether he maintains all the pear ports as well. Again, thank you. Best regards, Remko Hat: Security Team > > > Thanks, > Stefan > > -- > Stefan Bethke <[email protected]> Fon +49 151 14070811 > > _______________________________________________ > [email protected] mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "[email protected]"
signature.asc
Description: Message signed with OpenPGP
