Hopefully this does not affect you but if you are running something like Arch, OpenSUSE tumbleweed, Debian sid or Fedora Rawhide and use SSH for remote access you should do a full wipe.

  • SMillerNL@lemmy.world
    cake
    link
    fedilink
    arrow-up
    2
    arrow-down
    2
    ·
    1 年前

    No, it was snuck into the website download of the source code. If you got it from GitHub it was fine, if you got it from their website you got pwnd

    • hydroptic@sopuli.xyz
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      1 年前

      That’s not correct as far as I can tell. The backdoored code ended up in release tarballs (but not source tarballs because of autoconf fuckery), see eg. this mailing list discussion.