The net/netatalk port was updated to 3.1.12 in December 2018
This version fixed CVE-2018-1160
Upstream states the following on the nature of the vulnerability: "Please update to this latest release as soon as possible as this releases fixes an major security issue (CVE-2018-1160)."
" A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution."
CVSS v3.0 Base Score: 9.8 CRITICAL
CVSS v2.0 Base Score: 10.0 HIGH
It appears no security/vuxml entry was added for this vulnerability
Any user running anything less than the latest versions will not be notified that their version is vulnerable
Relevant URL's for the VuXML entry:
"discovery date" should be 20181110 (first mention of CVE )
"entry date" should be date of port commit updating to 3.1.12
A commit references this bug:
Date: Sun Jun 16 17:07:14 UTC 2019
New revision: 504357
Add an entry for netatalk3.
Document the netatalk3 remote code execution vulnerability fixed in 3.1.12.