[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 049eabf web: Disclose security breach on Trac server

gitolite ffmpeg-cvslog at ffmpeg.org
Sun Feb 9 23:39:01 CET 2014 

The branch, master has been updated
       via  049eabffac281f9c1c2e2b9427006c8ebec0052c (commit)
      from  81c6eb2603a2baea3d2562a77085c969de4e8cc1 (commit)


- Log -----------------------------------------------------------------
commit 049eabffac281f9c1c2e2b9427006c8ebec0052c
Author:     Alexander Strasser <eclipse7 at gmx.net>
AuthorDate: Sun Feb 9 23:31:17 2014 +0100
Commit:     Alexander Strasser <eclipse7 at gmx.net>
CommitDate: Sun Feb 9 23:44:03 2014 +0100

    web: Disclose security breach on Trac server
    
    Edited by me.
    
    Originally-written-by: Michael Niedermayer <michaelni at gmx.at>

diff --git a/src/index b/src/index
index b666d40..8ad181a 100644
--- a/src/index
+++ b/src/index
@@ -12,6 +12,25 @@ changes.
 <img src="gplus-16.png" alt="Google+" style="vertical-align: middle; margin-left: 16px"/></a></h1>
 
 
+<a id="trac_sec"></a><h3>February 9, 2014, trac.ffmpeg.org /
+trac.mplayerhq.hu Security Breach</h3>
+<p>
+The server on which FFmpeg and MPlayer Trac issue trackers were
+installed was compromised. The affected server was taken offline
+and has been replaced and all software reinstalled.
+FFmpeg Git, releases, FATE, web and mailinglists are on other servers
+and where not affected. We believe that the original compromise happened
+to a server, unrelated to FFmpeg and MPlayer, several months ago.
+That server was used as a source to clone the VM that we recently moved
+Trac to. It is not known if anyone used the backdoor that was found.
+</p>
+<p>
+We recommend all users to change their passwords.
+<b>Especially users who use a password on Trac that they also use
+elsewhere, should change that password at least elsewhere.</b>
+</p>
+
+
 <a id="ffmpeg_rfp"></a><h3>November 12, 2013, FFmpeg RFP in Debian</h3>
 <p>
 Since the splitting of Libav the Debian/Ubuntu maintainers have followed

-----------------------------------------------------------------------

Summary of changes:
 src/index |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)


hooks/post-receive
--

More information about the ffmpeg-cvslog mailing list