php.net security notice
The wiki.php.net box was compromised and the attackers were able to
collect wiki account credentials. No other machines in the php.net
infrastructure appear to have been affected. Our biggest concern is,
of course, the integrity of our source code. We did an extensive code
audit and looked at every commit since 5.3.5 to make sure that no stolen
accounts were used to inject anything malicious. Nothing was found.
The compromised machine has been wiped and we are forcing a password
change for all svn accounts.
We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root exploit.