icate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Z1cLR3hJJzcsf; Mon, 24 Feb 2025 10:25:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51OAP3de005369; Mon, 24 Feb 2025 10:25:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51OAP3MU005366; Mon, 24 Feb 2025 10:25:03 GMT (envelope-from git) Date: Mon, 24 Feb 2025 10:25:03 GMT Message-Id: <202502241025.51OAP3MU005366@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Fernando =?utf-8?Q?Apestegu=C3=ADa?= Subject: git: 481c8355ee52 - main - security/vuxml: Add exim SQL injection vulnerability List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 481c8355ee52d1fe2a8b3745be9e6cf3aacfbe68 Auto-Submitted: auto-generated The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=481c8355ee52d1fe2a8b3745be9e6cf3aacfbe68 commit 481c8355ee52d1fe2a8b3745be9e6cf3aacfbe68 Author: Fernando ApesteguĂ­a AuthorDate: 2025-02-24 10:23:02 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2025-02-24 10:23:02 +0000 security/vuxml: Add exim SQL injection vulnerability CVE-2025-26794 * Base Score: 7.5 HIGH * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H --- security/vuxml/vuln/2025.xml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index d3c73e1401dd..8e781d9995f5 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,30 @@ + + exim -- SQL injection + + + exim + 4.98.1 + + + + +

cve@mitre.org reports:

+
+

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization + are used, allows remote SQL injection.

+
+ + + + CVE-2025-26794 + https://nvd.nist.gov/vuln/detail/CVE-2025-26794 + + + 2025-02-21 + 2025-02-24 + + + FreeBSD -- Multiple vulnerabilities in OpenSSH