Clarrification on whether portsnap was affected by the 2012 compromise
Gary Palmer
gpalmer at freebsd.org
Tue Nov 20 12:15:37 UTC 2012
On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote:
> Regarding the 2012 compromise, I'm a little confused as to what was and
> wasn't affected:
>
> >From the release:
> > or of any ports compiled from trees obtained via any means other than
> > through svn.freebsd.org or one of its mirrors
> Does that mean that any ports updated using the standard "portsnap
> fetch" may have been affected, I'm guessing yes.
>
" We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted. "
More information about the freebsd-security
mailing list