Please supply the package name, version and the output of "apt-cache policy <pkgname>". That should list where the trojaned package came from (presuming no changes to
sources.list, etc., etc.).
Packaging systems leave audit trails. Even if you get hosed, you can often figure out where and how, and take steps to both correct the upstream issue and identify and mitigate any locally affected systems (generally through a wipe/reinstall if you've got to this stage).
http://seclists.org/fulldisclosure/2006/Mar/132
Please supply the package name, version and the output of "apt-cache policy <pkgname>". That should list where the trojaned package came from (presuming no changes to sources.list, etc., etc.).
Packaging systems leave audit trails. Even if you get hosed, you can often figure out where and how, and take steps to both correct the upstream issue and identify and mitigate any locally affected systems (generally through a wipe/reinstall if you've got to this stage).