Extension:TimedMediaHandler - ogv-worker-video/audio.js files
Closed, DeclinedPublic
Actions

Assigned To

None

Authored By

	AhmadF.Cheema
	May 22 2017, 9:15 AM

Description

For some reason, cPaenl's Virus Scanner is indicating the extension javascript files (ogv-worker-audio.js and ogv-worker-video.js) as viruses of type "Html.Exploit.CVE_2016_7288-5475092-0".

The scan was performed on branch master of Extension:TimedMediaHandler version being 0.5.0 (179108f) 11:52, 22 May 2017.

Is this just a known false-positive issue?

Related Objects

Mentioned Here: rETMH179108f513cc: Fix typo in README ("thoera" etc.)

Event Timeline

AhmadF.Cheema created this task.May 22 2017, 9:15 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 22 2017, 9:15 AM

Its not a "known" false positive but its almost certainly a false positive.

Sounds like a false positive, certainly ogv.js is not an exploit. :) Should report upstream to cpanel or clamav or whatever is doing the scanning?

I've submitted them upstream to clamav for false positive checking.

Having T165019 in mind I'd say it's another false positive...

Reedy moved this task from Backlog / Other to External (Non-WMF) Issues on the acl*security board.May 30 2017, 9:48 AM

I'm going to resolve this bug. There's literally nothing we can do here.

Bawolff changed the task status from Invalid to Declined.Jul 19 2017, 6:37 AM

Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)".

• chasemp added a project: Security.Feb 10 2020, 10:52 PM

• chasemp removed a project: acl*security.Feb 20 2020, 8:13 PM

Extension:TimedMediaHandler - ogv-worker-video/audio.js filesClosed, DeclinedPublicActions

Description

Related Objects

Event Timeline

Extension:TimedMediaHandler - ogv-worker-video/audio.js files
Closed, DeclinedPublic
Actions