Afternoon, folks;

    Just a three-list cross-post to bring it to everyone's attention
at once, in case you weren't already aware.  It was announced today
that a compromised SourceForge mirror was distributing a malicious
file with the phpMyAdmin package that allows an attacker to
arbitrarily execute code on a server hosting the exploitable package.
Obligatory (not intentionally self-serving) social media link here:

    I don't especially know how this might affect other projects that
are hosting on the same mirror, but I hope at least some of the more
popular projects will take a moment to verify the integrity of their
packages on the affected mirror ('cdnetworks-kr-1' mirror in Korea,
for those interested).

    Those of you who have phpMyAdmin installed should check
immediately to see if your installation is vulnerable to the exploit,
particularly if it's auto-updated or has been installed or updated

    We now return you to your regularly-scheduled Tuesday (unless
you're east of the EEST time zone, in which case, Happy Hump Day).

</Daniel P. Brown>
Network Infrastructure Manager

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to