Full Disclosure mailing list archives
Re: dikline suspected to be behind repositoryhacking.
From: Rudolph Pereira <rudolph () usyd edu au>
Date: Tue, 7 Mar 2006 10:03:48 +1100
On Mon, Mar 06, 2006 at 10:53:32PM +0000, Jason Savora wrote:
Our development machine sources list was: deb http://security.debian.org/ stable/updates main deb ftp://debian.fastweb.it/debian/ testing main contrib non-free deb-src ftp://debian.fastweb.it/debian/ testing main deb http://http.us.debian.org/debian stable main contrib non-free deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free deb http://ftp.digex.net/debian/ stable main non-free contrib deb http://irssi.qvr.info/debian/ sarge/ deb http://irssi.qvr.info/debian/ sid/ deb http://localhost/backup/db testing main
Unfortunately that's not very useful. Please supply the package name, version and the output of "apt-cache policy <pkgname>". That should list where the trojaned package came from (presuming no changes to sources.list, etc., etc.). Once you've established where it came from you can trace the provenance of the package (likely a path from the "original" package source through mirrors, etc.) Thanks
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: dikline suspected to be behind repositoryhacking. Krpata, Tyler (Mar 06)
- RE: dikline suspected to be behind repositoryhacking. Jason Savora (Mar 06)
- Re: dikline suspected to be behind repositoryhacking. Rudolph Pereira (Mar 06)
- RE: dikline suspected to be behind repositoryhacking. Jason Savora (Mar 06)