Víctor Mayoral Vilches

Thanks for the review @polybassa, I believe I addressed all comments. Let me know if I missed anything.

I tried downloading both the `.img` as well as the `tar.gz`. In both cases, I've been unable to launch santa. I don't mind putting some time into helping other new...

> Hello, the easiest way to get Santa installed is by using the .pkg installer that is packaged inside the .dmg. > > I suggest running the [latest release](https://github.com/google/santa/releases/latest). Be...

All right, so after several attempts, I seem to have been able to successfully install [v1.10](https://github.com/google/santa/releases/tag/1.10). What I did: - Uninstall santa previous versions (and attempts) using `uninstall.sh` script from...

Added relevant dates to the ticket. Some further triage for reproducing this issue and/or describing the vulnerability in more detail is required (e.g. defining the severity, asking for a CVE...

Thanks @attritionorg, updated.

Review dates in this ticket. Used the following sources: - https://www.us-cert.gov/ics/advisories/ICSA-17-222-05 (mitigation) - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9664 (report, detection) Note: NVD [published](https://nvd.nist.gov/vuln/detail/CVE-2017-9664) much, much later.

https://asciinema.org/a/315683

Likely applying also to other robot components. Ping @glerapic, let me know if you disagree with this ticket, otherwise I'm requesting the CVE ID preliminarily assigned.

Assigned a CVE ID, sent a PR to the upstream CVE List repo https://github.com/CVEProject/cvelist/pull/4247