Date: Mon, 19 Jan 2026 18:01:58 +0000 From: Guido Falsi <madpilot@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: bdfacb722377 - main - security/vuxml: Document multiple mail/mailpit vulnerabilities Message-ID: <696e7196.3d24a.24e16fec@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by madpilot: URL: https://cgit.FreeBSD.org/ports/commit/?id=bdfacb72237762fde71149a91a34f5ad39505bbb commit bdfacb72237762fde71149a91a34f5ad39505bbb Author: Guido Falsi <madpilot@FreeBSD.org> AuthorDate: 2026-01-19 18:01:25 +0000 Commit: Guido Falsi <madpilot@FreeBSD.org> CommitDate: 2026-01-19 18:01:25 +0000 security/vuxml: Document multiple mail/mailpit vulnerabilities --- security/vuxml/vuln/2026.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 81d37a3b7d71..cc6b34ec1138 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,34 @@ + <vuln vid="01f34a27-f560-11f0-bbdc-10ffe07f9334"> + <topic>mail/mailpit -- multiple vulnerabilities</topic> + <affects> +<package> +<name>mailpit</name> +<range><lt>1.28.3</lt></range> +</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mailpit author reports:</p> + <blockquote cite="https://github.com/axllent/mailpit/releases/tag/v1.28.3"> + <p>Ensure SMTP TO & FROM addresses are RFC 5322 + compliant and prevent header injection (GHSA-54wq-72mp-cq7c)</p> + <p>Prevent Server-Side Request Forgery (SSRF) via HTML + Check API (GHSA-6jxm-fv7w-rw5j)</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-23829</cvename> + <url>https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c</url> + <cvename>CVE-2026-23845</cvename> + <url>https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j</url> + </references> + <dates> + <discovery>2026-01-18</discovery> + <entry>2026-01-19</entry> + </dates> + </vuln> + <vuln vid="fb561db9-0fc1-4d92-81a2-ee01839c9119"> <topic>oauth2-proxy -- multiple vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?696e7196.3d24a.24e16fec>
