Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 19 Jan 2026 18:01:58 +0000
From:      Guido Falsi <madpilot@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: bdfacb722377 - main - security/vuxml: Document multiple mail/mailpit vulnerabilities
Message-ID:  <696e7196.3d24a.24e16fec@gitrepo.freebsd.org>

index | next in thread | raw e-mail

The branch main has been updated by madpilot:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bdfacb72237762fde71149a91a34f5ad39505bbb

commit bdfacb72237762fde71149a91a34f5ad39505bbb
Author:     Guido Falsi <madpilot@FreeBSD.org>
AuthorDate: 2026-01-19 18:01:25 +0000
Commit:     Guido Falsi <madpilot@FreeBSD.org>
CommitDate: 2026-01-19 18:01:25 +0000

    security/vuxml: Document multiple mail/mailpit vulnerabilities
---
 security/vuxml/vuln/2026.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 81d37a3b7d71..cc6b34ec1138 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,34 @@
+  <vuln vid="01f34a27-f560-11f0-bbdc-10ffe07f9334">
+    <topic>mail/mailpit -- multiple vulnerabilities</topic>
+    <affects>
+<package>
+<name>mailpit</name>
+<range><lt>1.28.3</lt></range>
+</package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Mailpit author reports:</p>
+	<blockquote cite="https://github.com/axllent/mailpit/releases/tag/v1.28.3">;
+	  <p>Ensure SMTP TO &amp; FROM addresses are RFC 5322
+	  compliant and prevent header injection (GHSA-54wq-72mp-cq7c)</p>
+	  <p>Prevent Server-Side Request Forgery (SSRF) via HTML
+	  Check API (GHSA-6jxm-fv7w-rw5j)</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2026-23829</cvename>
+      <url>https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c</url>;
+      <cvename>CVE-2026-23845</cvename>
+      <url>https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j</url>;
+    </references>
+    <dates>
+      <discovery>2026-01-18</discovery>
+      <entry>2026-01-19</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="fb561db9-0fc1-4d92-81a2-ee01839c9119">
     <topic>oauth2-proxy -- multiple vulnerabilities</topic>
     <affects>


home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?696e7196.3d24a.24e16fec>