Bug 553684 - Virus scan of Eclipse package reports Java/CVE-2011-3544.dn malware
Status: NEW
Alias: None
Product: EPP
Classification: Technology
Component: jee-package
Version: unspecified
Hardware: Macintosh Mac OS X
Importance: P3 normal
Target Milestone: ---
Assignee: Project Inbox
QA Contact:
URL:
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2019-12-02 17:50 EST by Callum Haig
Modified: 2021-09-20 16:09 EDT

Description Callum Haig 2019-12-02 17:50:04 EST
I downloaded eclipse-jee-2019-09-R-macosx-cocoa-x86_64.dmg, and ran my virus scanner (Intego) over it.  An Apache Felix-related jar was indicated to contain "Java/CVE-2011-3544.dn" malware.  See the screenshot for the jar version.
Comment 1 Wayne Beaton 2020-01-10 11:48:35 EST
The handbook contains some help regarding how we handle vulnerabilities.

https://www.eclipse.org/projects/handbook/#vulnerability
Comment 2 Nitin Dahyabhai 2020-01-13 19:34:18 EST
Callum, there's no screenshot attached.

Wayne, all of the bundles I see with "felix" in their ID come from the Platform.