Opened 8 years ago
Closed 6 years ago
#52146 closed defect (fixed)
transmission @2.92_0: switch to GitHub
| Reported by: | sierkb@… | Owned by: | kurthindenburg (Kurt Hindenburg) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | Cc: | ||
| Port: | transmission |
Description (last modified by larryv (Lawrence Velázquez))
Quote from https://transmissionbt.com/keydnap_qa/:
- Q: What happened?
- A: It appears that on or about August 28, 2016, unauthorized access was gained to our website server. The official Mac version of Transmission 2.92 was replaced with an unauthorized version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day. Additional information about the malware is available here and here.
- Q: What steps have been taken following the incident?
- A: The infected file was removed from the server immediately upon discovering its existence, which was less than 24 hours after the file was posted to the website. To help prevent future incidents, we have migrated the website and all binary files from our current servers to GitHub. Other services, which are currently unavailable, will be migrated to new servers in the coming days. As an added precaution, we will be hosting the binaries and the website (including checksums) in two separate repositories.
- Q: Am I at risk?
- A: The infected file was available for download from our website for less than a day, and the file was not available through the auto-update mechanism. Steps to check for, and remove, an infection are available here.
- Q: Can you share any more information about this incident?
- A: We are in the process of investigating the incident and will share any relevant information that we discover here.
If you have any questions or information about the incident, please send an email to security@….
Please change transmission's port file and its master_sites accordingly to at least the new project's official mirror server on GitHub https://github.com/transmission/transmission, https://github.com/transmission/transmission/releases or to the announced upcoming new location or both of them. Additionally: the port file's current 2 master_sites locations seem to be unavailable/switched off.
Change History (4)
comment:1 Changed 8 years ago by larryv (Lawrence Velázquez)
| Cc: | khindenburg removed |
|---|---|
| Description: | modified (diff) |
| Keywords: | update dowload location removed |
| Owner: | changed from macports-tickets@… to khindenburg@… |
| Summary: | transmission: change port file to new download location → transmission @2.92_0: switch to GitHub |
| Type: | update → defect |
| Version: | 2.3.4 |
comment:2 Changed 8 years ago by kurthindenburg (Kurt Hindenburg)
Thanks, since the checksums for the file are github are different, I'll wait to change this to use github.
THe checksums we use match those on their official site.
comment:4 Changed 6 years ago by kurthindenburg (Kurt Hindenburg)
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Trac requires full email addresses.