For almost three months, versions of three widely distributed open-source applications from Horde.org contained a backdoor that allowed attackers to remotely execute malicious PHP code on systems that ran the programs.

via Malicious backdoor in open-source messaging apps not spotted for 3 months.

This is interesting…

“The impact through Linux distribution should be not so important,” Wednesday’s post went on to say. “Only users who have download the source code from FTP are mainly affected.”

Horde’s advisory said the releases were altered after unidentified hackers breached an FTP server used to distribute the installation packages.