Your message dated Sat, 21 Sep 2019 20:32:24 +0000
with message-id <[email protected]>
and subject line Bug#940081: fixed in opendmarc 1.3.2-6+deb10u1
has caused the Debian Bug report #940081,
regarding opendmarc: CVE-2019-16378: signature bypass with multiple From
addresses
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
940081: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940081
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: opendmarc
Version: 1.3.2-6
Severity: important
Tags: security upstream
Forwarded: https://github.com/trusteddomainproject/OpenDMARC/pull/48
Hi
See https://www.openwall.com/lists/oss-security/2019/09/11/8 and
https://github.com/trusteddomainproject/OpenDMARC/pull/48
although there is no vetted/acked patch.
Filling for tracking.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: opendmarc
Source-Version: 1.3.2-6+deb10u1
We believe that the bug you reported is fixed in the latest version of
opendmarc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Scott Kitterman <[email protected]> (supplier of updated opendmarc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 19 Sep 2019 01:31:48 -0400
Source: opendmarc
Binary: libopendmarc-dev libopendmarc2 libopendmarc2-dbgsym opendmarc
opendmarc-dbgsym
Architecture: source amd64
Version: 1.3.2-6+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Scott Kitterman <[email protected]>
Changed-By: Scott Kitterman <[email protected]>
Description:
libopendmarc-dev - Headers and development libraries for the OpenDMARC library
libopendmarc2 - Library for DMARC validation and reporting
opendmarc - Milter implementation of DMARC
Closes: 940081
Changes:
opendmarc (1.3.2-6+deb10u1) buster-security; urgency=high
.
* CVE-2019-16378: https://github.com/trusteddomainproject/OpenDMARC/pull/48
to address incorrect DMARC pass results with multi-from mail (Closes:
#940081)
Checksums-Sha1:
4b1cbe925e70476a5545c1224698c26df5d60fe2 2087 opendmarc_1.3.2-6+deb10u1.dsc
dd7deac10966094735a32c0df6631898d59db603 593448 opendmarc_1.3.2.orig.tar.gz
c809b285a03b07918635c2c345d15c9ceca1da47 25920
opendmarc_1.3.2-6+deb10u1.debian.tar.xz
941df2e6eb9b7752549ded00dae0eb3db230b75b 61884
libopendmarc-dev_1.3.2-6+deb10u1_amd64.deb
8953e244307decc0d054917e1f3e0c64e8dd966f 56400
libopendmarc2-dbgsym_1.3.2-6+deb10u1_amd64.deb
0eb201738e24f8cc21f39f2a023d080e473c0833 35760
libopendmarc2_1.3.2-6+deb10u1_amd64.deb
3f07e1bb75967fee6c71c4385e6c268c2399ea6e 96040
opendmarc-dbgsym_1.3.2-6+deb10u1_amd64.deb
c671cf77296718e59e85193013024de8c500d7c9 7410
opendmarc_1.3.2-6+deb10u1_amd64.buildinfo
b9b739e21ba92e3ba3bb5de6904b67328c71331a 97444
opendmarc_1.3.2-6+deb10u1_amd64.deb
Checksums-Sha256:
a539a062a1270072401da999dee4486f4b88ffed10d9a7673f19993bfe6ac93a 2087
opendmarc_1.3.2-6+deb10u1.dsc
213c4b01a9ff5dcdf331f7bd1dd6a382077abbf8ee9111852f2101ec917c2ffb 593448
opendmarc_1.3.2.orig.tar.gz
d52dc970c5bd83b04ef2d0249f9726eca183a61e62e6b151e9b92c97f60e20da 25920
opendmarc_1.3.2-6+deb10u1.debian.tar.xz
1fe7674967f4095388eb7e80807a1ea713ddf46dccf4e323c453ca1571b9cbc5 61884
libopendmarc-dev_1.3.2-6+deb10u1_amd64.deb
55f0094d0dedce20cf05a8df8330880901cde4d05d2b2b76acaf80a84f638ca2 56400
libopendmarc2-dbgsym_1.3.2-6+deb10u1_amd64.deb
ec1e1196d8cb942d892ee0201bbd6fa27d2cc98498ee23d44413e406bc0cc08f 35760
libopendmarc2_1.3.2-6+deb10u1_amd64.deb
dbf8e09ac261074d70a4a45a10df5e6357d87f06b6613e02cb343cc69224a10a 96040
opendmarc-dbgsym_1.3.2-6+deb10u1_amd64.deb
2db9f1e1fea8a177bcd31a86ea61dd51cd2cb5b989f7519955df332d53e49891 7410
opendmarc_1.3.2-6+deb10u1_amd64.buildinfo
43e81e61378c493441ed575833b064100370abef786dff37413ad1987b8dd9d7 97444
opendmarc_1.3.2-6+deb10u1_amd64.deb
Files:
4d0fc256e20c63026206a83ab5953c41 2087 mail optional
opendmarc_1.3.2-6+deb10u1.dsc
2b4e9b8be7fe61800515cef1d7e6a905 593448 mail optional
opendmarc_1.3.2.orig.tar.gz
7f000082d8f0656f79f7366accf014fe 25920 mail optional
opendmarc_1.3.2-6+deb10u1.debian.tar.xz
3be33bd7cb1d1d1a0874e3c91ba62996 61884 libdevel optional
libopendmarc-dev_1.3.2-6+deb10u1_amd64.deb
4001791128e9a555bfcd20474a7c7161 56400 debug optional
libopendmarc2-dbgsym_1.3.2-6+deb10u1_amd64.deb
8d29c905b09b3dd8bd04b219749ff7ce 35760 libs optional
libopendmarc2_1.3.2-6+deb10u1_amd64.deb
ec9abf5ab101fe7aac17df3c138fe8e0 96040 debug optional
opendmarc-dbgsym_1.3.2-6+deb10u1_amd64.deb
4bf4185e99270bbbebb28a43902fabaa 7410 mail optional
opendmarc_1.3.2-6+deb10u1_amd64.buildinfo
9941e26536b7a3ab5347844290fb2a5f 97444 mail optional
opendmarc_1.3.2-6+deb10u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAl2DKqkACgkQeNfe+5rV
mvHGHBAAr7kHk09J2b03r6iA+xDIHlDCNXbCaCtSRjc5/wfTku0KxxfU/WoFnqBt
1Ck72J56CQjolaI7R1buSWjFCMxNQuiTosEXeZpvT7fYqcWJ+gwKXi+AQRDks776
jixoF5AYyxET1K7YhxQHd4yGrJnTZ6qcSJyFujdGycqDJmGYQa0O8om2tvN5sx7N
LC1HVaFjgngyfhTfODSVR37Pb4pEym9lF9qanlcy4MGuhFOEcJCp8B85eXZ5v8Q5
5gA7RXMqFo6jveadroxb89S4YUNqcBzTaoP0vcSDxoEcrU0wvI5OFUiullsaP/UL
5efSxt0suQHh/TkNDwONqqnw1BnPn/8dudGI3XlE597w7H9zlmCUcRGwTkwaAadV
jQl38OWbm9wlQdFLf3ciBY7ZopbdBB7c4cD5vB+i3iK7FeGN85R187HBXS5CjzkS
xxF+L5+gl9ac7ELM6Bsjn7B/LCbbGbQv2+z7cRK2NrXBcnTAhVB72k1Ynul0TtOj
sU0AjU3JWJ5CvpnBM7NWdh7vBZvoibSeFl9pLfG6c6qAeIzC7eNenNliR45MK462
xcwco8PtktV/ORV3+NmByJHiLrqdnfSopds+PH/iTZplSdy8NoVshNgmnMkY7i+/
O60+SSE+tmklaa7e/AmmMFpx3gGd/jWwNLcs8pnTkosG48W0j1o=
=2KZ7
-----END PGP SIGNATURE-----
--- End Message ---
