Attackers used a remote exploit to compromise an rsync.gentoo.org machine holding a copy of the emerge repository and implant a rootkit
N/A
The attackers were able to compromise filesystem of the source code repository and thus possibly (but highly unlikely) serve malicious packages to users.