[rt.admin.canonical.com #124242] Re: Malicious package in the archive [training]

Eduardo Barretto eduardo.barretto at canonical.com
Thu Feb 13 17:11:40 UTC 2020


Escalating this a little further.

We need to get the malicious package removed from the archive.
jk0ne already on this.

PS: TESTING PURPOSE

On Thu, Feb 13, 2020 at 04:46:09PM +0000, eduardo.barretto at canonical.com via RT wrote:
> CCing archive admins
> 
> PS: training purpose
> 
> On Thu, Feb 13, 2020 at 04:39:48PM +0000, The default queue via RT wrote:
> > ** This is an auto reply. **
> > 
> > Canonical IS has received your message. Your ticket has been assigned
> > an ID of #124242. We will process your ticket as quickly as possible.
> > 
> > Please include the following text in the subject line of all future
> > correspondence about this issue: [rt.admin.canonical.com #124242]
> > 
> > You may also reply to this message.
> > 
> > Once the ticket has been triaged, you can check the status of your request
> > by visiting the link below: 
> > https://portal.admin.canonical.com/124242
> > 
> > 
> > Thank you,
> > Canonical IS
> > 
> > ----- Original Message -----
> > 
> > Hey IS,
> > 
> > At 13:29 (GMT-2) we found a malicious code in a package that was recently
> > uploaded to the archive.
> > 
> > Impact: a new deb package
> > (hello - https://launchpad.net/ubuntu/+source/hello/2.10-1build2) was uploaded
> > to the archive and it contains malicious code. This affects all users running
> > Bionic and we are considering it to be critical.
> > Severity: Critical
> > Release: bionic only
> > 
> > @Mark, can you escalate this issue?
> > 
> > 
> > Please escalate this accordingly:
> > https://wiki.canonical.com/UbuntuEngineering/DealingWithCrisis
> > 
> > Eduardo
> > 
> > 
> > PS: training purpose
> > https://wiki.canonical.com/UbuntuEngineering/Security/ttx
> > 
> 
> 
> 
> 
>  


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-archive/attachments/20200213/36fe6880/attachment.sig>


More information about the ubuntu-archive mailing list