dub bad, aur hack edition
user1234
user1234 at 12.de
Tue Jun 16 21:52:11 UTC 2026
On Sunday, 14 June 2026 at 05:34:26 UTC, monkyyy wrote:
> https://github.com/lenucksi/aur-malware-check/blob/a03038980a2fd93b42a9630df44ce78533d938b4/package_list.txt#L298
>
> https://lunduke.substack.com/p/rust-based-malware-hits-14-of-arch
>
> so, fun fact, the npm clone did the npm things. If you used dub
> in the past few days maybe you should nuke your system.
>
> If `dub-git 1.11.0.alpha.1.r11.2cbab87-1` is out of date, maybe
> it should just be deleted
The real problem was that non-power users of arch linux could get
powned. Like "I use Arch I'm the boss".. The effect of the
exploit is rather limited I would say.
It's a bit funny that this affects the very niche D lang tho.
More information about the Digitalmars-d
mailing list