Seth Vidal wrote:
Hi folks,
This LWN article reports that berlios.de has been compromised for a long,
long time.
http://lwn.net/Articles/369633/
So I compiled a little list of pkgs that need a look:
http://skvidal.fedorapeople.org/misc/berlios-pkg-owners-list.txt
Here is the list as well:
arbiter:slim:http://slim.berlios.de/
athimm:freenx-client:http://freenx.berlios.de/
athimm:freenx-server:http://freenx.berlios.de/
ausil:oooqs2:http://segfaultskde.berlios.de/index.php?content=oooqs2
awjb:gimmix:http://gimmix.berlios.de/
bjohnson:unpaper:http://unpaper.berlios.de
bouska:wifi-radar:http://wifi-radar.berlios.de/
caolanm:mythes-es:http://openthes-es.berlios.de
dmaphy:graphem:http://graphem.berlios.de/
dnglaze:openocd:http://openocd.berlios.de/web/
drago01:hardinfo:http://hardinfo.berlios.de/
drago01:pinot:http://pinot.berlios.de/
dwmw2:bcm43xx-fwcutter:http://bcm43xx.berlios.de/
fab:python-wifi:https://developer.berlios.de/projects/pythonwifi/
hguemar:sonata:http://sonata.berlios.de/
hubbitus:sim:http://sim-im.berlios.de/
isimluk:ruby-ncurses:http://ncurses-ruby.berlios.de/
ixs:bitbake:http://developer.berlios.de/projects/bitbake/
jamatos:python-cpio:http://developer.berlios.de/projects/python-cpio/
jcollie:radiusclient-ng:http://developer.berlios.de/projects/radiusclient-ng/
jreznik:kio-ftps:http://kasablanca.berlios.de/kio-ftps/
jspaleta:gpodder:http://gpodder.berlios.de/
kkofler:kio_gopher:http://kgopher.berlios.de/
kwizart:atmel-firmware:http://at76c503a.berlios.de/
kwizart:tslib:http://tslib.berlios.de/
laxathom:soundconverter:http://soundconverter.berlios.de/
limb:netpanzer:http://netpanzer.berlios.de
limb:wavextract:http://developer.berlios.de/projects/wavextract
mgarski:smb4k:http://smb4k.berlios.de/
michaelc:scsi-target-utils:http://stgt.berlios.de
mtasaka:mirage:http://mirageiv.berlios.de/
musuruan:hatari:http://hatari.berlios.de/
oget:canorus:http://canorus.berlios.de/
oget:jjack:http://jjack.berlios.de/
oron:libhocr:http://hocr.berlios.de
ovasik:star:http://cdrecord.berlios.de/old/private/star.html
rdieter:kasablanca:http://kasablanca.berlios.de/
rdieter:lensfun:http://lensfun.berlios.de/
rishi:libgringotts:http://gringotts.berlios.de/
rjones:ocaml-pgocaml:http://developer.berlios.de/projects/pgocaml/
rvokal:net-tools:http://net-tools.berlios.de/
silfreed:gpsd:http://developer.berlios.de/projects/gpsd/
spot:lincity-ng:http://lincity-ng.berlios.de/
stingray:cuetools:http://developer.berlios.de/projects/cuetools/
sundaram:gimmage:http://gimmage.berlios.de/
terjeros:cpipe:http://developer.berlios.de/projects/cpipe/
terjeros:python-tidy:http://utidylib.berlios.de/
till:fatsort:http://fatsort.berlios.de/
twaugh:pyusb:http://pyusb.berlios.de/
vcrhonek:fetchmail:http://fetchmail.berlios.de/
If you're on this list then you need to talk to upstream and find out if
they have done an audit yet. You might consider doing an audit yourself,
if you have the background to know what sort of things to look for.

Thanks, Seth. And if we don't, what's a good resource for security
auditing n00bs?
-J

thanks,
-sv
--
in your fear, seek only peace
in your fear, seek only love
-d. bowie