Your message dated Sat, 21 Sep 2019 20:34:18 +0000
with message-id <[email protected]>
and subject line Bug#940081: fixed in opendmarc 1.3.2-2+deb9u2
has caused the Debian Bug report #940081,
regarding opendmarc: CVE-2019-16378: signature bypass with multiple From
addresses
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
940081: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940081
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: opendmarc
Version: 1.3.2-6
Severity: important
Tags: security upstream
Forwarded: https://github.com/trusteddomainproject/OpenDMARC/pull/48
Hi
See https://www.openwall.com/lists/oss-security/2019/09/11/8 and
https://github.com/trusteddomainproject/OpenDMARC/pull/48
although there is no vetted/acked patch.
Filling for tracking.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: opendmarc
Source-Version: 1.3.2-2+deb9u2
We believe that the bug you reported is fixed in the latest version of
opendmarc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Scott Kitterman <[email protected]> (supplier of updated opendmarc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 19 Sep 2019 01:31:48 -0400
Source: opendmarc
Binary: opendmarc libopendmarc2 libopendmarc-dev rddmarc
Architecture: source amd64 all
Version: 1.3.2-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Scott Kitterman <[email protected]>
Changed-By: Scott Kitterman <[email protected]>
Description:
libopendmarc-dev - Headers and development libraries for the OpenDMARC library
libopendmarc2 - Library for DMARC validation and reporting
opendmarc - Milter implementation of DMARC
rddmarc - Sample DMARC report processing scripts collection
Closes: 940081
Changes:
opendmarc (1.3.2-2+deb9u2) stretch-security; urgency=high
.
* CVE-2019-16378: https://github.com/trusteddomainproject/OpenDMARC/pull/48
to address incorrect DMARC pass results with multi-from mail (Closes:
#940081)
Checksums-Sha1:
f5c4d69589bab259ead8f208585726625e3bb9e3 2004 opendmarc_1.3.2-2+deb9u2.dsc
b89ca85d9fdfa1b2fce2660a20f4d0bdb9a97205 22085 opendmarc_1.3.2-2+deb9u2.diff.gz
cfa69684af3c8f974d91e33950efe2253a3f9d52 60454
libopendmarc-dev_1.3.2-2+deb9u2_amd64.deb
56723971e83b90a0880403e85552f86a0a36703b 47196
libopendmarc2-dbgsym_1.3.2-2+deb9u2_amd64.deb
ea6ff5c44dc4d2a6cdf37b93e2caf6fc93f39fbb 34396
libopendmarc2_1.3.2-2+deb9u2_amd64.deb
19c07c0cd0544effd1fb9e60285baf804eb2ad23 80592
opendmarc-dbgsym_1.3.2-2+deb9u2_amd64.deb
e424fe4abc17c8b91b3f5584e803ca6e47756909 8129
opendmarc_1.3.2-2+deb9u2_amd64.buildinfo
85146ca5e5c128e242053f93e84ede2e88e9479b 86584
opendmarc_1.3.2-2+deb9u2_amd64.deb
2e88c792479480db3594847abffc35fb39eeff6f 22196 rddmarc_1.3.2-2+deb9u2_all.deb
Checksums-Sha256:
3a08f58eb51720c9a57edfd92eca64aacd4e1e68fe74852f4ca27777fa35e50c 2004
opendmarc_1.3.2-2+deb9u2.dsc
42aae822b650e70d78f88f51a24eee172caedd5a0414da30fa1f72cffa350db5 22085
opendmarc_1.3.2-2+deb9u2.diff.gz
341c511280b7c1214b39be1acba9f7673252fcc2b2b2fbda31dd1585b3622d56 60454
libopendmarc-dev_1.3.2-2+deb9u2_amd64.deb
b8e84de283a764131184c2f65fe0d396578bcf72966df037a0f6b01c006d3596 47196
libopendmarc2-dbgsym_1.3.2-2+deb9u2_amd64.deb
bf2faf4cf9c6f35ad9ce487d829cfe94640bb37c0d49937c58b61fd0346273cd 34396
libopendmarc2_1.3.2-2+deb9u2_amd64.deb
f9f43d6e6330c8d629db3b069b2976f2ef7943f341404a798ab42b110191bb67 80592
opendmarc-dbgsym_1.3.2-2+deb9u2_amd64.deb
2ea975114e35f918e7e6b5c1915d92ceb43aa6433ea36bf8d3c951cd1423bedf 8129
opendmarc_1.3.2-2+deb9u2_amd64.buildinfo
0eef83dc77cae4e85f862a4deb6a84b0df2e26e5fd3d0132a0c680f3656fddd2 86584
opendmarc_1.3.2-2+deb9u2_amd64.deb
5cd1a7e7a9fc809fbbc4686d6195cdf649c00739939dbe5bf015472f344dfeae 22196
rddmarc_1.3.2-2+deb9u2_all.deb
Files:
afa65486fa679a788ad8a35200ff21d7 2004 mail extra opendmarc_1.3.2-2+deb9u2.dsc
f03aca31dfee41a2fcb19bf6914ea534 22085 mail extra
opendmarc_1.3.2-2+deb9u2.diff.gz
0e391cb0ff9756067c300c9d178cadae 60454 libdevel extra
libopendmarc-dev_1.3.2-2+deb9u2_amd64.deb
9cb2f6c56d49282e75a61ccf65737bba 47196 debug extra
libopendmarc2-dbgsym_1.3.2-2+deb9u2_amd64.deb
1de2a2dd0478e62536c024089ab908ab 34396 libs extra
libopendmarc2_1.3.2-2+deb9u2_amd64.deb
3123eefad8f50680ff236c238b92bd91 80592 debug extra
opendmarc-dbgsym_1.3.2-2+deb9u2_amd64.deb
a02bb066e8a60fc7ce6e371e5ae04c8a 8129 mail extra
opendmarc_1.3.2-2+deb9u2_amd64.buildinfo
14488382e7e69d96a9ae0cc166adabb1 86584 mail extra
opendmarc_1.3.2-2+deb9u2_amd64.deb
9087b9060e08c95ccb1aa5ccd6b7f08e 22196 mail extra
rddmarc_1.3.2-2+deb9u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAl2DLCIACgkQeNfe+5rV
mvEnXg//RKjl1Akfmc6RY4zQ5TM+lbZXKQMkK2IofYtYe/azap0g2+kQSjolKwY6
T0ITZsmdhO2no9ojwAJ8il76abZ6Iz4GZJizV+BAc7uzBbfnShCilxW7cjzeK6dV
GHhTjcncfpaY2bElgBGKxezS5vKkzmS4fRWN+JkHJxP4FB0GaWajQYgkN6NRUILW
wL0PFA4wkHViHyt/G50FLY3zBAU5tg5MqiXXWiy2wpPKucs+9e+7UTF9EuSV9eOh
I2PBvREFlXTAUdZzDZ3QMiotq5k7UFXilvrd+TA7mFNthfNHTCRnnr+Cr0UZgf7X
GuAfM7c55x/70Yuc42GRAsSKq8CjGJdzR+BuYYonTN39QglaBZrpX6TLwc/kd54L
ksIPdV3z1WjPOTdkhztJMm0AkIWKZUJccUPRrdD3eweeW9o1RZcYw3IYLU0Z36vB
hbQ+V+yra9iejrwjOvfY9C7mulDBRGJYlgP4dZL072DeCuMiAXErN3RgcAj9++tu
GOTh+FuZwdk7e2eB8adXSrwcpuV0ZMxpyY6YQKnpDkXTMbLVASapUXwnoV46lR9w
15u1pQHP7D9NEOLc+ZqRxhHl66lZT9aJid8DWmQyYy9jjaPIAKvt/21SIabd34jl
R8Fy/Q61KLN65ceSsceNg4ZgIvWqHTSs0QFyyDGdEYX61fy4OV0=
=qw4l
-----END PGP SIGNATURE-----
--- End Message ---
