The net/netatalk port was updated to 3.1.12 in December 2018.
This version fixed CVE-2018-1160.

Upstream states the following on the nature of the vulnerability:

"Please update to this latest release as soon as possible as this releases fixes an major security issue (CVE-2018-1160)."
"A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution."

CVSS v3.0 Base Score: 9.8 CRITICAL
CVSS v2.0 Base Score: 10.0 HIGH

It appears no security/vuxml entry was added for this vulnerability.
Any user running anything less than the latest versions will not be notified that their version is vulnerable.

Relevant URLs for the VuXML entry:
https://nvd.nist.gov/vuln/detail/CVE-2018-1160
https://medium.com/tenable-techblog/exploiting-an-18-year-old-bug-b47afe54172

"discovery date" should be 20181110 (first mention of CVE [1])
"entry date" should be the date of the port commit updating to 3.1.12

[1] https://github.com/Netatalk/Netatalk/search?q=CVE-2018-1160&type=Commits
Documented.
A commit references this bug:

Author: marcus
Date: Sun Jun 16 17:07:14 UTC 2019
New revision: 504357
URL: https://svnweb.freebsd.org/changeset/ports/504357

Log:
  Add an entry for netatalk3.

  Document the netatalk3 remote code execution vulnerability fixed in 3.1.12.

  PR: 238573

Changes:
  head/security/vuxml/vuln.xml