CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Sun, 24 Dec 2023 09:53:03 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Sun Dec 24 09:53:03 UTC 2023

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
doc: use CVEs for SMPT smuggling, add sendmail


To generate a diff of this commit:
cvs rdiff -u -r1.96 -r1.97 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.96 pkgsrc/doc/pkg-vulnerabilities:1.97
--- pkgsrc/doc/pkg-vulnerabilities:1.96 Sat Dec 23 20:23:40 2023
+++ pkgsrc/doc/pkg-vulnerabilities      Sun Dec 24 09:53:03 2023
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.96 2023/12/23 20:23:40 thor Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.97 2023/12/24 09:53:03 wiz Exp $
 #
 #FORMAT 1.0.0
 #
@@ -25817,12 +25817,13 @@ proftpd<1.3.8b        extension-negotiation-dow
 dropbear<2022.83nb1    extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795
 erlang<26.2.1  extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795
 libssh2<1.11.0nb2      extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795
-postfix<3.8.4  email-spoofing  https://www.postfix.org/smtp-smuggling.html
+postfix<3.8.4  email-spoofing  https://nvd.nist.gov/vuln/detail/CVE-2023-51764
 mysqld_exporter<0.15.1 auth-bypass     https://pkg.go.dev/vuln/GO-2022-1130
 mysqld_exporter<0.15.1 denial-of-service       https://pkg.go.dev/vuln/GO-2023-1571
 postgres_exporter<0.15.0       auth-bypass     https://pkg.go.dev/vuln/GO-2022-1130
 postgres_exporter<0.15.0       denial-of-service       https://pkg.go.dev/vuln/GO-2023-1571
 git-lfs<3.4.1  denial-of-service       https://pkg.go.dev/vuln/GO-2023-1571
-exim-[0-9]*    email-spoofing  https://bugs.exim.org/show_bug.cgi?id=3063
+exim-[0-9]*    email-spoofing  https://nvd.nist.gov/vuln/detail/CVE-2023-51766
 nuclei<3.1.3   man-in-the-middle       https://pkg.go.dev/vuln/GO-2023-2402
 glow<1.5.1     man-in-the-middle       https://pkg.go.dev/vuln/GO-2023-2402
+sendmail-[0-9]*        email-spoofing  https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-51765

Prev by Date: CVS commit: pkgsrc/misc/calibre
Next by Date: CVS commit: pkgsrc/sysutils/auto-admin
Previous by Thread: CVS commit: pkgsrc/misc/calibre
Next by Thread: CVS commit: pkgsrc/sysutils/auto-admin
Indexes:

Home | Main Index | Thread Index | Old Index