Has LyX Been Hacked?
Pavel Sanda
sanda at lyx.org
Tue Jan 31 14:04:48 UTC 2023
On Tue, Jan 31, 2023 at 02:54:37PM +0100, Pavel Sanda wrote:
> On Tue, Jan 31, 2023 at 11:53:12PM +1300, Paul Kiwi wrote:
> > >
> > > Can you at least give us your sumcheck of the file you downloaded?
> > >
> >
> > MD5 checksum:
> >
> > c05861976d18d29b0a04792c8b2e844d
> >
> > SHA256 checksum:
> >
> > 091cd793c21cb24a87a52c6622f7dfe0a6921f0912847ae06eea33a367ff92da
>
> Both are correct.
>
> So neither on the server nor on the way to your computer anything changed.
>
> Remaining are two options:
> 1) False positive from VirusTotal.
> 2) Developer's machine creating the windows installer got infected so
> the binary is infected from the very begining.
>
> Given that we get regularly get various false positives I tend to think
> this is again the case for 1. However if you are still concerned you can
> a) wait for some time whether other security vendors detect the threat
> b) compile current version on your own from the source code (might be
> daunting at windows)
> c) download older versions of LyX which are not flagged by VirusTotal on
> your machine
Actually I see now that you already run it, so a) does not matter much now.
The more interesting question is they chinese error message. We haven't
received any similar report of this yet and I have very little idea what
could go wrong.
Installers of older versions might be still useful on your system.
Pavel
More information about the lyx-users
mailing list