Comment by pandasun
8 years ago
The article mentions 3 infected packages. But it only lists one: acroread.
Then the comment section mentions the other one is libvlc.
But the mailing list says this is something different: https://lists.archlinux.org/pipermail/aur-general/2018-July/...
So then there's still two missing.
Here's what I've found that he maintained:
1) balz (https://archive.fo/TjIQI)
2) minergate (https://archive.fo/TjIQI)
3) acroread - as mentioned (https://my.mixtape.moe/kvfpmk.png)
So those "balz" and "minergate" could be the missing two.
Edit: seems like archive.fo is temporarily down, so it will just be my word for it right now. Sorry.
There was some more questions about the affected packages on IRC. I posted a mail to the thread with the packages and versions. https://lists.archlinux.org/pipermail/aur-general/2018-July/...
Someone was questioning if `libvlc` could be considered dangerous. However the package download our packaged `vlc` packages and just repackages the `/usr/lib/libvlc*` files into a new package.