Your message dated Wed, 29 Nov 2023 22:47:08 +0000
with message-id <[email protected]>
and subject line Bug#1041107: fixed in opendkim 2.11.0~beta2-8+deb12u1
has caused the Debian Bug report #1041107,
regarding opendkim: CVE-2022-48521
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1041107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041107
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: opendkim
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for opendkim.

CVE-2022-48521[0]:
| An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x
| through 2.11.0-Beta2. It fails to keep track of ordinal numbers when
| removing fake Authentication-Results header fields, which allows a
| remote attacker to craft an e-mail message with a fake sender
| address such that programs that rely on Authentication-Results from
| OpenDKIM will treat the message as having a valid DKIM signature
| when in fact it has none.

https://github.com/trusteddomainproject/OpenDKIM/issues/148
 

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-48521
    https://www.cve.org/CVERecord?id=CVE-2022-48521

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: opendkim
Source-Version: 2.11.0~beta2-8+deb12u1
Done: Tobias Frost <[email protected]>

We believe that the bug you reported is fixed in the latest version of
opendkim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost <[email protected]> (supplier of updated opendkim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 25 Nov 2023 17:19:13 +0100
Source: opendkim
Architecture: source
Version: 2.11.0~beta2-8+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: David Bürgin <[email protected]>
Changed-By: Tobias Frost <[email protected]>
Closes: 1041107
Changes:
 opendkim (2.11.0~beta2-8+deb12u1) bookworm; urgency=medium
 .
   * Non-Maintainer upload by the security team.
 .
   [ David Bürgin ]
   * Add patch "rev-ares-deletion.patch" for CVE-2022-48521:
     Delete Authentication-Results headers in reverse (Closes: #1041107).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
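
The ordinal problem named in the CVE text and the reverse-order deletion named in the changelog, as an added example: a simplified model written for this page, not OpenDKIM's code or the Debian patch. It assumes header fields are addressed by name plus 1-based ordinal and are renumbered after each deletion; `mx.example.net` and all header values are constructed.

```c
#include <stdio.h>
#include <string.h>
#define AR "Authentication-Results"

/* Model (assumption): a field is addressed by name + 1-based ordinal among
 * same-named fields, and ordinals are renumbered after every deletion. */
struct msg { struct { const char *name, *value; } h[8]; int n; };

/* Delete the idx-th field called `name`; returns 1 if one was deleted. */
static int del_by_ordinal(struct msg *m, const char *name, int idx)
{
    int seen = 0;
    for (int i = 0; i < m->n; i++)
        if (strcmp(m->h[i].name, name) == 0 && ++seen == idx) {
            m->n--;
            memmove(&m->h[i], &m->h[i + 1], (size_t)(m->n - i) * sizeof m->h[0]);
            return 1;
        }
    return 0;
}

/* Record ordinals of AR fields carrying our own authserv-id; return count. */
static int collect(const struct msg *m, const char *id, int *ord)
{
    int k = 0, seen = 0;
    for (int i = 0; i < m->n; i++)
        if (strcmp(m->h[i].name, AR) == 0 && ++seen &&
            strncmp(m->h[i].value, id, strlen(id)) == 0)
            ord[k++] = seen;
    return k;
}

/* Strip a constructed message; returns forged fields still present. */
int forged_left(int reverse)
{
    struct msg m = { { { AR, "mx.example.net; dkim=pass" },
                       { AR, "other.example; spf=pass" },
                       { "From", "user@example.org" },
                       { AR, "mx.example.net; dkim=pass" } }, 4 };
    int ord[8], k = collect(&m, "mx.example.net;", ord);
    for (int i = 0; i < k; i++)
        del_by_ordinal(&m, AR, ord[reverse ? k - 1 - i : i]);
    return collect(&m, "mx.example.net;", ord);
}

int main(void)
{
    printf("ascending: %d left, reverse: %d left\n", forged_left(0), forged_left(1));
    return 0;
}
```

In this model, ascending deletion leaves one field with the local authserv-id in place because its ordinal has shifted from 3 to 2 by the time it is addressed. Descending deletion never invalidates an ordinal it has yet to use.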
