Security breach for PHP's popular pear.php.net site

1 view
Skip to first unread message

!!Memphis!!

unread,
Jan 25, 2019, 11:35:08 PM1/25/19
to
<https://www.bleepingcomputer.com/forums/t/690215/security-breach-for-phps-popular-pearphpnet-site/>

Posted 21 January 2019 - 10:40 PM

The twitter feed for the PHP Extension and Application Repository (PEAR) reported on January 19 that there was a security breach.

They additionally indicate that those that have downloaded go-pear.phar in the last six months should get a new copy from github.

The tweets are here:
https://twitter.com/pear/status/1086634389465956352
https://twitter.com/pear/status/1086634503731404800

The home page for php.net currently doesn't indicate anything. Last update for the PHP.net was January 10th regarding the release of PHP versions 5.6.40, 7.1.26, 7.2.14 and 7.3.1.

PEAR is used by several PHP users and a popular source for installing PHP code that other PHP applications depend on.

The PEAR installer does include an optional GPG digital signing but this does not seem to be popularly used or mandated for inclusion on the PEAR hosting site.
Reply all
Reply to author
Forward
0 new messages