On 25 Sep 2012 15:37, "Matthew Seaman" <[email protected]> wrote:
>
>
> Dear all,
>
> If you install phpMyAdmin from ports, you shouldn't be vulnerable to the
> security problem described in PMASA-2012-5:
>
>    Firstly, the ports checks the SHA256 checksum of distributed
>    tarballs, which should prevent this sort of tampering.
>
>    Secondly, the distfile the port uses is
>        phpMyAdmin-3.5.2.2-all-languages.tar.xz
>    not the .zip -- and so far only the .zip is known to have been
>    compromised.
>
> However, if you should see distfile checksum warnings when trying to
> install phpMyAdmin please do let me know about it, if possible including
> which sourceforge mirror you downloaded from and when. I hope it is
> needless to say this, but if the SHA256 checksum doesn't match then
> *don't install*.

This is exactly the reason distinfo changes should be suspected and be
accompanied by an explanation/diff.

Thanks for sharing :)

Chris
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[email protected]"
