Bug 553684

Summary: Virus scan of Eclipse package reports Java/CVE-2011-3544.dn malware
Product: [Technology] EPP
Reporter: Callum Haig <c411vm>
Component: jee-package
Assignee: Project Inbox <epp.packager-inbox>
Status: NEW ---
QA Contact:
Severity: normal
Priority: P3
CC: cbridgha, thatnitind, wayne.beaton
Version: unspecified
Keywords: security
Target Milestone: ---   
Hardware: Macintosh   
OS: Mac OS X   
Whiteboard:

Description Callum Haig CLA 2019-12-02 17:50:04 EST
I downloaded eclipse-jee-2019-09-R-macosx-cocoa-x86_64.dmg, and ran my virus scanner (Intego) over it.  An Apache Felix-related jar was indicated to contain "Java/CVE-2011-3544.dn" malware.  See the screenshot for the jar version.
Comment 1 Wayne Beaton CLA 2020-01-10 11:48:35 EST
The handbook contains some help regarding how we handle vulnerabilities.

https://www.eclipse.org/projects/handbook/#vulnerability
Comment 2 Nitin Dahyabhai CLA 2020-01-13 19:34:18 EST
Callum, there's no screenshot attached.

Wayne, all of the bundles I see with "felix" in their ID come from the Platform.