PHP code source may be contaminated recommended download be careful

PHP official website (http://www.php.net/)

March 25 News: According to the PHP official website posted news that its Wiki account was stolen, due to wiki.php.net vulnerabilities, and the wiki account and PHP code source of the SVN submission permissions associated, resulting in the PHP code is contaminated.

It is understood that PHP5.3.6 and its subsequent version of the code has been contaminated, only the unpolluted version of the code to ensure that the PHP5.3.5, download PHP code users need to be cautious.

Original content: The Wiki.php.net box is compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been. Our biggest concern are, of course, the integrity of our source code. We did a extensive code audit and looked at every commit since 5.3.5 to make sure this no stolen accounts were used to in Ject anything malicious. Nothing is found. The compromised machine has been wiped and we are forcing a password change to all SVN accounts. We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root Exploit.

The content is roughly:

Because the wiki account is stolen, PHP's code source is very likely to be contaminated, of course, the PHP team has done its best to ensure that the PHP5.3.5 version of the code did not receive pollution, and forced SVN to modify the existing password.

The current state of affairs is that they are still unable to lock in the hole because they are still troubleshooting.

One obvious problem is that PHP5.3.6 and its subsequent versions of the code have been contaminated, so that only the unpolluted version of the code can be guaranteed to PHP5.3.5, and the person downloading the PHP code should be careful.

Windows.php.net and Wiki.php.net have also been suspended.