Tuesday, September 25, 2012

Sourceforge Compromised

Just now, i got from PHPMyAdmin's lead developer, Marc Delisle:
the PMASA-2012-5 security advisory has been published on

In short, a SourceForge.net mirror server was compromised, leading to

the distribution of a doctored phpMyAdmin kit containing a backdoor.


languages.zip fetched from this mirror server is
known to be affected. To our knowledge only one mirror is affected,
which appears to be taken offline already. All other SourceForge.net
mirrors are unaffected.

phpMyAdmin security team
For those who are hosting their packages on SourceForge, please check your packages against the checksums and PGP signature (if there are any).

Thanks to Tencent Security Response Center who notifies Marc about this issue.