P.J. Hinton wrote in to send us a link to a CERT advisory explaining that the sources to TCP wrappers were actually replaced with a nice new and improved version. Complete with a trojan. It was caught fairly quickly after it was uploaded, but it's still kinda scary. Update: 01/22 01:07 by CT : Several people sent the Bugtraq post over at Linux Today. A lot more details clarifying the situation.