berlios.de compromised since 2005
Seth Vidal
skvidal at fedoraproject.org
Wed Jan 13 17:23:15 UTC 2010
Hi folks,
This lwn article reports that berlios.de has been compromised for a long,
long time.
http://lwn.net/Articles/369633/
So I compiled a little list of pkgs that need a look:
http://skvidal.fedorapeople.org/misc/berlios-pkg-owners-list.txt
Here is the list as well:
arbiter:slim:http://slim.berlios.de/
athimm:freenx-client:http://freenx.berlios.de/
athimm:freenx-server:http://freenx.berlios.de/
ausil:oooqs2:http://segfaultskde.berlios.de/index.php?content=oooqs2
awjb:gimmix:http://gimmix.berlios.de/
bjohnson:unpaper:http://unpaper.berlios.de
bouska:wifi-radar:http://wifi-radar.berlios.de/
caolanm:mythes-es:http://openthes-es.berlios.de
dmaphy:graphem:http://graphem.berlios.de/
dnglaze:openocd:http://openocd.berlios.de/web/
drago01:hardinfo:http://hardinfo.berlios.de/
drago01:pinot:http://pinot.berlios.de/
dwmw2:bcm43xx-fwcutter:http://bcm43xx.berlios.de/
fab:python-wifi:https://developer.berlios.de/projects/pythonwifi/
hguemar:sonata:http://sonata.berlios.de/
hubbitus:sim:http://sim-im.berlios.de/
isimluk:ruby-ncurses:http://ncurses-ruby.berlios.de/
ixs:bitbake:http://developer.berlios.de/projects/bitbake/
jamatos:python-cpio:http://developer.berlios.de/projects/python-cpio/
jcollie:radiusclient-ng:http://developer.berlios.de/projects/radiusclient-ng/
jreznik:kio-ftps:http://kasablanca.berlios.de/kio-ftps/
jspaleta:gpodder:http://gpodder.berlios.de/
kkofler:kio_gopher:http://kgopher.berlios.de/
kwizart:atmel-firmware:http://at76c503a.berlios.de/
kwizart:tslib:http://tslib.berlios.de/
laxathom:soundconverter:http://soundconverter.berlios.de/
limb:netpanzer:http://netpanzer.berlios.de
limb:wavextract:http://developer.berlios.de/projects/wavextract
mgarski:smb4k:http://smb4k.berlios.de/
michaelc:scsi-target-utils:http://stgt.berlios.de
mtasaka:mirage:http://mirageiv.berlios.de/
musuruan:hatari:http://hatari.berlios.de/
oget:canorus:http://canorus.berlios.de/
oget:jjack:http://jjack.berlios.de/
oron:libhocr:http://hocr.berlios.de
ovasik:star:http://cdrecord.berlios.de/old/private/star.html
rdieter:kasablanca:http://kasablanca.berlios.de/
rdieter:lensfun:http://lensfun.berlios.de/
rishi:libgringotts:http://gringotts.berlios.de/
rjones:ocaml-pgocaml:http://developer.berlios.de/projects/pgocaml/
rvokal:net-tools:http://net-tools.berlios.de/
silfreed:gpsd:http://developer.berlios.de/projects/gpsd/
spot:lincity-ng:http://lincity-ng.berlios.de/
stingray:cuetools:http://developer.berlios.de/projects/cuetools/
sundaram:gimmage:http://gimmage.berlios.de/
terjeros:cpipe:http://developer.berlios.de/projects/cpipe/
terjeros:python-tidy:http://utidylib.berlios.de/
till:fatsort:http://fatsort.berlios.de/
twaugh:pyusb:http://pyusb.berlios.de/
vcrhonek:fetchmail:http://fetchmail.berlios.de/
if you're on this list then you need to talk to upstream and find out if
they have done an audit yet. You might consider doing an audit yourself,
if you have the background to know what sort of things to look for.
thanks,
-sv
More information about the devel
mailing list