Newsgroups: php.doc, php.internals
From: bjorn.x.larsson@telia.com (Björn Larsson)
Date: Mon, 29 Mar 2021 23:32:16 +0200
Subject: Re: Changes to Git commit workflow

On 2021-03-29 at 23:10, Benjamin Morel wrote:
>>
>> Hi everyone,
>>
>> Yesterday (2021-03-28) two malicious commits were pushed to the php-src
>> repo [1] from the names of Rasmus Lerdorf and myself. We don't yet know how
>> exactly this happened, but everything points towards a compromise of the
>> git.php.net server (rather than a compromise of an individual git
>> account).
>>
>
> That is scary. Can you disclose the contents of the commits? Are they
> specially designed to open a security hole, or to be harmful in another way?
>

An article from The Hacker News and a tweet from Zerodium about the incident:
- https://thehackernews.com/2021/03/phps-git-server-hacked-to-insert-secret.html
- https://twitter.com/cBekrar/status/1376469666084757506

r//Björn L