doc: use CVEs for SMPT smuggling, add sendmail

0-wiz-0 · 0-wiz-0 · commit c749cfcd03e3 · 2023-12-24T09:53:03.000Z
diff --git a/doc/pkg-vulnerabilities b/doc/pkg-vulnerabilities
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.96 2023/12/23 20:23:40 thor Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.97 2023/12/24 09:53:03 wiz Exp $
 #
 #FORMAT 1.0.0
 #
@@ -25817,12 +25817,13 @@ proftpd<1.3.8b	extension-negotiation-downgrade	https://nvd.nist.gov/vuln/detail/
 dropbear<2022.83nb1	extension-negotiation-downgrade	https://nvd.nist.gov/vuln/detail/CVE-2023-48795
 erlang<26.2.1	extension-negotiation-downgrade	https://nvd.nist.gov/vuln/detail/CVE-2023-48795
 libssh2<1.11.0nb2	extension-negotiation-downgrade	https://nvd.nist.gov/vuln/detail/CVE-2023-48795
-postfix<3.8.4	email-spoofing	https://www.postfix.org/smtp-smuggling.html
+postfix<3.8.4	email-spoofing	https://nvd.nist.gov/vuln/detail/CVE-2023-51764
 mysqld_exporter<0.15.1	auth-bypass	https://pkg.go.dev/vuln/GO-2022-1130
 mysqld_exporter<0.15.1	denial-of-service	https://pkg.go.dev/vuln/GO-2023-1571
 postgres_exporter<0.15.0	auth-bypass	https://pkg.go.dev/vuln/GO-2022-1130
 postgres_exporter<0.15.0	denial-of-service	https://pkg.go.dev/vuln/GO-2023-1571
 git-lfs<3.4.1	denial-of-service	https://pkg.go.dev/vuln/GO-2023-1571
-exim-[0-9]*	email-spoofing	https://bugs.exim.org/show_bug.cgi?id=3063
+exim-[0-9]*	email-spoofing	https://nvd.nist.gov/vuln/detail/CVE-2023-51766
 nuclei<3.1.3	man-in-the-middle	https://pkg.go.dev/vuln/GO-2023-2402
 glow<1.5.1	man-in-the-middle	https://pkg.go.dev/vuln/GO-2023-2402
+sendmail-[0-9]*	email-spoofing	https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-51765
