[FFmpeg-user] trac.ffmpeg.org / trac.mplayerhq.hu Security Breach

Alexander Strasser eclipse7 at gmx.net
Thu Feb 13 19:42:03 CET 2014


Some people might not follow ffmpeg.org closely, the following news were posted
originally at https://ffmpeg.org/#trac_sec

The server on which FFmpeg and MPlayer Trac issue trackers were installed was compromised.
The affected server was taken offline and has been replaced and all software reinstalled.
FFmpeg Git, releases, FATE, web and mailinglists are on other servers and were not affected.
We believe that the original compromise happened to a server, unrelated to FFmpeg and MPlayer,
several months ago. That server was used as a source to clone the VM that we recently moved
Trac to. It is not known if anyone used the backdoor that was found.

We recommend all users to change their passwords. Especially users who use a password on Trac
that they also use elsewhere, should change that password at least elsewhere. 


  Alexander
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-user/attachments/20140213/2840856d/attachment.asc>


More information about the ffmpeg-user mailing list