Hacker News new | past | comments | ask | show | jobs | submit login

The article mentions 3 infected packages. But it only lists one: acroread.

Then the comment section mentions the other one is libvlc.

But the mailing list says this is something different: https://lists.archlinux.org/pipermail/aur-general/2018-July/...

So then there's still two missing.

Here's what I've found that he maintained:

1) balz (https://archive.fo/TjIQI)

2) minergate (https://archive.fo/TjIQI)

3) acroread - as mentioned (https://my.mixtape.moe/kvfpmk.png)

So those "balz" and "minergate" could be the missing two.

Edit: seems like archive.fo is temporarily down, so it will just be my word for it right now. Sorry.




There was some more questions about the affected packages on IRC. I posted a mail to the thread with the packages and versions. https://lists.archlinux.org/pipermail/aur-general/2018-July/...


Someone was questioning if `libvlc` could be considered dangerous. However the package download our packaged `vlc` packages and just repackages the `/usr/lib/libvlc*` files into a new package.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: