From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 238573] net/netatalk3: Add VuXML entry for CVE-2018-1160 (fixed in 3.1.12)
Date: Sat, 15 Jun 2019 05:41:53 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238573

            Bug ID: 238573
           Summary: net/netatalk3: Add VuXML entry for CVE-2018-1160
                    (fixed in 3.1.12)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://nvd.nist.gov/vuln/detail/CVE-2018-1160
                OS: Any
            Status: New
          Keywords: easy, security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: marcus@FreeBSD.org
          Reporter: koobs@FreeBSD.org
                CC: ports-secteam@FreeBSD.org
             Flags: maintainer-feedback?(marcus@FreeBSD.org)

The net/netatalk port was updated to 3.1.12 in December 2018.

This version fixed CVE-2018-1160.

Upstream states the following on the nature of the vulnerability:

"Please update to this latest release as soon as possible as this releases fixes an major security issue (CVE-2018-1160)."

"A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution."

CVSS v3.0 Base Score: 9.8 CRITICAL
CVSS v2.0 Base Score: 10.0 HIGH

It appears no security/vuxml entry was added for this vulnerability.

Any user running anything less than the latest versions will not be notified that their version is vulnerable.

Relevant URLs for the VuXML entry:

https://nvd.nist.gov/vuln/detail/CVE-2018-1160
https://medium.com/tenable-techblog/exploiting-an-18-year-old-bug-b47afe54172

"discovery date" should be 20181110 (first mention of CVE [1])
"entry date" should be date of port commit updating to 3.1.12

[1] https://github.com/Netatalk/Netatalk/search?q=CVE-2018-1160&type=Commits