X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :content-type:content-transfer-encoding; q=dns; s=default; b=xfF 6PREr3Sx69hfe61uxw4Kdl8KON/E2C60fflBFzwgzS05fHaIkSzRsmOzFsKOiBPm tuq8bOt8qKeI064aLVb0IcCIDsyoSvsPqsxXj5yxEQoKOHVuo9Tro8sv3WXLqqc2 SfUfAIOB6xfvq9CJreWTAm81EXwJVG4ivlDCw2rY= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :content-type:content-transfer-encoding; s=default; bh=DemdKd7EA iYlpj8IOBRJ0u5dnVc=; b=kD00lhHyOKIoMviUQ9YI2Xd6Aq3N+A7oHEXFse1At I9aTpstpC4BUmsLgXs+KdSm7OaBOm2QMX5T++O5VJXmCrSX9R4Et0gQnMKCR1w86 3qdapSCUioTRPy2H59IbBPZTo0InaX2jEyrGkpC2FPK0W6RWp56Qw7m+Jc8nf3VL w0= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.3 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_LOW,SPF_SOFTFAIL autolearn=no version=3.3.2 X-HELO: mail12.tpgi.com.au X-TPG-Junk-Status: Message not scanned X-TPG-Abuse: host=220-245-251-204.static.tpgi.com.au; ip=220.245.251.204; date=Tue, 28 Jul 2015 18:45:56 +1000 Message-ID: <55B7413D.1040308@shaddybaddah.name> Date: Tue, 28 Jul 2015 18:45:49 +1000 From: Shaddy Baddah User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Icedove/31.7.0 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Mcafee e'prise false positive on (x86) texlive-collection-fontsrecommended? Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Hi, My companies locked down desktop environment forces a weekly virus scan. Yesterday's (Mon 27/07) scan deleted (without recourse unfortunately) files from the texlive-collection-fontsrecommended, claiming they were infected(??) with CVE-2015-2426 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2426). Here's the list of files that were deleted: $ cygcheck -vc texlive-collection-fontsrecommended Cygwin Package Information Last downloaded files to: c:\Users\Public\Downloads\cygwin-x86-setuparea Last downloaded files from: http://mirror.aarnet.edu.au/pub/sourceware/cygwin/ Package Version Status Missing file: /usr/share/texmf-dist/fonts/opentype/public/lm-math/latinmodern-math.otf from package texlive-collection-fontsrecommended Missing file: /usr/share/texmf-dist/fonts/opentype/public/tex-gyre-math/texgyrebonum-math.otf from package texlive-collection-fontsrecommended Missing file: /usr/share/texmf-dist/fonts/opentype/public/tex-gyre-math/texgyreschola-math.otf from package texlive-collection-fontsrecommended Missing file: /usr/share/texmf-dist/fonts/opentype/public/tex-gyre-math/texgyretermes-math.otf from package texlive-collection-fontsrecommended texlive-collection-fontsrecommended 20140523-2 Incomplete And the description of the vulnerability: Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability." Is this a false positive on the part of the Virus Scanner? Or, as the package is dated from before the vulnerability report, does the package need an update? -- Thanks in advance, Shaddy -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple