源頭在于wiki.php.net的漏洞導(dǎo)致wiki賬號被盜，而wiki的賬號和php代碼源的SVN提交權(quán)限相關(guān)聯(lián)。

有圖有真相：

原文：

The wiki.php.net boxwas compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts.

We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root exploit.

內(nèi)容大致是：

由于wiki賬號被盜，PHP的代碼源極有可能被污染，當(dāng)然，PHP團隊已經(jīng)做最大的努力以保證自PHP5.3.5版本的代碼沒有收到污染，并且強迫SVN修改現(xiàn)有的密碼。

而事件目前的狀態(tài)是，他們?nèi)匀粵]法鎖定漏洞所在，因為他們?nèi)栽谂挪椤?/p>

一個很明顯的問題是，PHP5.3.6以及其后續(xù)版本的代碼已經(jīng)被污染，目前只能把未受污染的代碼版本確保到PHP5.3.5，下載PHP代碼的人，要小心了。

而windows.php.net和wiki.php.net也已經(jīng)暫停訪問。

文章來源：http://www.cnbeta.com/articles/138261.htm