Hopefully this does not affect you, but if you are running something like Arch, openSUSE Tumbleweed, Debian sid or Fedora Rawhide and use SSH for remote access, you should do a full wipe.

  • @SMillerNL
    19 months ago

    No, it was snuck into the website download of the source code. If you got it from GitHub it was fine; if you got it from their website you got pwnd.

    • @[email protected]
      39 months ago

      That’s not correct as far as I can tell. The backdoored code ended up in release tarballs (but not source tarballs because of autoconf fuckery), see e.g. this mailing list discussion.

      • @SMillerNL
        29 months ago

        Ah, you’re right. I wasn’t aware they had release tars on GitHub as well.
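
An added example, not part of any comment above and not code from the project discussed: one way to check the difference the thread describes, by comparing a release tarball against a source snapshot of the same tag. The archive contents and file names are constructed sample data, and the function names are this example's own.

```python
import hashlib, io, tarfile

def make_tar(files):
    """Build an in-memory .tar.gz from {path: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def digests(blob):
    """Map each regular file's path (top-level directory stripped) to its SHA-256."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for m in tar:
            if m.isfile():  # read members in place; nothing is extracted to disk
                rel = m.name.split("/", 1)[-1]
                out[rel] = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
    return out

def compare(release_blob, source_blob):
    """Return (paths only in the release tarball, paths whose content differs)."""
    rel, src = digests(release_blob), digests(source_blob)
    only_release = sorted(set(rel) - set(src))
    changed = sorted(p for p in rel.keys() & src.keys() if rel[p] != src[p])
    return only_release, changed

# Constructed sample: a source snapshot and a release tarball of the same tag.
SOURCE = make_tar({
    "proj-1.0/configure.ac": b"AC_INIT([proj],[1.0])\n",
    "proj-1.0/m4/helper.m4": b"# helper macro\n",
    "proj-1.0/src/main.c": b"int main(void){return 0;}\n",
})
RELEASE = make_tar({
    "proj-1.0/configure.ac": b"AC_INIT([proj],[1.0])\n",
    "proj-1.0/m4/helper.m4": b"# helper macro\n# extra line absent from the repository\n",
    "proj-1.0/src/main.c": b"int main(void){return 0;}\n",
    "proj-1.0/configure": b"#!/bin/sh\n# generated by autoconf\n",
})

if __name__ == "__main__":
    only_release, changed = compare(RELEASE, SOURCE)
    print("only in release tarball:", only_release)
    print("differs from source:", changed)
```

Generated files such as `configure` normally appear only in the release tarball, so both lists need review rather than only the second.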