Date: Sat, 15 Jun 2019 05:41:53 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 238573] net/netatalk3: Add VuXML entry for CVE-2018-1160 (fixed in 3.1.12) Message-ID: <bug-238573-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238573 Bug ID: 238573 Summary: net/netatalk3: Add VuXML entry for CVE-2018-1160 (fixed in 3.1.12) Product: Ports & Packages Version: Latest Hardware: Any URL: https://nvd.nist.gov/vuln/detail/CVE-2018-1160 OS: Any Status: New Keywords: easy, security Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: marcus@FreeBSD.org Reporter: koobs@FreeBSD.org CC: ports-secteam@FreeBSD.org Assignee: marcus@FreeBSD.org Flags: maintainer-feedback?(marcus@FreeBSD.org) The net/netatalk port was updated to 3.1.12 in December 2018 This version fixed CVE-2018-1160=20 Upstream states the following on the nature of the vulnerability: "Please update to this latest release as soon as possible as this releases fixes an major security issue (CVE-2018-1160)." " A remote unauthenticated attacker can leverage this vulnerability to achi= eve arbitrary code execution." CVSS v3.0 Base Score: 9.8 CRITICAL=20 CVSS v2.0 Base Score: 10.0 HIGH=20 It appears no security/vuxml entry was added for this vulnerability Any user running anything less than the latest versions will not be notified that their version is vulnerable Relevant URL's for the VuXML entry: https://nvd.nist.gov/vuln/detail/CVE-2018-1160 https://medium.com/tenable-techblog/exploiting-an-18-year-old-bug-b47afe541= 72 "discovery date" should be 20181110 (first mention of CVE [1]) "entry date" should be date of port commit updating to 3.1.12 [1] https://github.com/Netatalk/Netatalk/search?q=3DCVE-2018-1160&type=3DCo= mmits --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-238573-7788>