[Bug 238573] net/netatalk3: Add VuXML entry for CVE-2018-1160 (fixed in 3.1.12)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Jun 15 05:42:02 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238573
Bug ID: 238573
Summary: net/netatalk3: Add VuXML entry for CVE-2018-1160
(fixed in 3.1.12)
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://nvd.nist.gov/vuln/detail/CVE-2018-1160
OS: Any
Status: New
Keywords: easy, security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: marcus at FreeBSD.org
Reporter: koobs at FreeBSD.org
CC: ports-secteam at FreeBSD.org
Assignee: marcus at FreeBSD.org
Flags: maintainer-feedback?(marcus at FreeBSD.org)
The net/netatalk port was updated to 3.1.12 in December 2018
This version fixed CVE-2018-1160
Upstream states the following on the nature of the vulnerability: "Please
update to this latest release as soon as possible as this releases fixes an
major security issue (CVE-2018-1160)."
" A remote unauthenticated attacker can leverage this vulnerability to achieve
arbitrary code execution."
CVSS v3.0 Base Score: 9.8 CRITICAL
CVSS v2.0 Base Score: 10.0 HIGH
It appears no security/vuxml entry was added for this vulnerability
Any user running anything less than the latest versions will not be notified
that their version is vulnerable
Relevant URL's for the VuXML entry:
https://nvd.nist.gov/vuln/detail/CVE-2018-1160
https://medium.com/tenable-techblog/exploiting-an-18-year-old-bug-b47afe54172
"discovery date" should be 20181110 (first mention of CVE [1])
"entry date" should be date of port commit updating to 3.1.12
[1] https://github.com/Netatalk/Netatalk/search?q=CVE-2018-1160&type=Commits
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list