Your message dated Tue, 19 Dec 2023 22:17:35 +0000
with message-id <[email protected]>
and subject line Bug#1041107: fixed in opendkim 2.11.0~beta2-4+deb11u1
has caused the Debian Bug report #1041107,
regarding opendkim: CVE-2022-48521
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1041107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041107
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: opendkim
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for opendkim.

CVE-2022-48521[0]:
| An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x
| through 2.11.0-Beta2. It fails to keep track of ordinal numbers when
| removing fake Authentication-Results header fields, which allows a
| remote attacker to craft an e-mail message with a fake sender
| address such that programs that rely on Authentication-Results from
| OpenDKIM will treat the message as having a valid DKIM signature
| when in fact it has none.

https://github.com/trusteddomainproject/OpenDKIM/issues/148
 

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-48521
    https://www.cve.org/CVERecord?id=CVE-2022-48521

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: opendkim
Source-Version: 2.11.0~beta2-4+deb11u1
Done: Tobias Frost <[email protected]>

We believe that the bug you reported is fixed in the latest version of
opendkim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost <[email protected]> (supplier of updated opendkim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 Dec 2023 19:17:01 +0100
Source: opendkim
Architecture: source
Version: 2.11.0~beta2-4+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: David Bürgin <[email protected]>
Changed-By: Tobias Frost <[email protected]>
Closes: 1041107
Changes:
 opendkim (2.11.0~beta2-4+deb11u1) bullseye; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ David Bürgin ]
   * Add patch "rev-ares-deletion.patch" for CVE-2022-48521:
     Delete Authentication-Results headers in reverse (Closes: #1041107).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
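
The ordinal problem named in the CVE text, and the reverse-order deletion named in the changelog entry, as an added example. This is not code from OpenDKIM or from the Debian patch. It assumes an interface that deletes a header field by its 1-based ordinal and renumbers the later fields after each deletion; OWN_ID, the host names and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAXH 8
#define OWN_ID "mx.example.org"   /* constructed authserv-id of the verifier */

/* Constructed model: authserv-ids of one message's Authentication-Results
 * fields, addressed by 1-based ordinal. */
struct ar_list { const char *id[MAXH]; int n; };

/* Delete the idx-th field; every later field moves down one ordinal. */
static void del_ordinal(struct ar_list *l, int idx)
{
    if (idx < 1 || idx > l->n) return;      /* ordinal no longer exists */
    memmove(&l->id[idx - 1], &l->id[idx],
            (size_t)(l->n - idx) * sizeof l->id[0]);
    l->n--;
}

/* Record the ordinals of fields that already carry OWN_ID on arrival (the
 * fake ones to strip), delete them in ascending or reverse order, and
 * return how many such fields are still on the message afterwards. */
int own_id_left(const char *const *ids, int n, int reverse)
{
    struct ar_list l = { {0}, 0 };
    int marked[MAXH], m = 0, left = 0;

    for (int i = 0; i < n && i < MAXH; i++) {
        l.id[l.n++] = ids[i];
        if (strcmp(ids[i], OWN_ID) == 0) marked[m++] = i + 1;
    }
    for (int k = 0; k < m; k++)             /* ordinals were fixed before any deletion */
        del_ordinal(&l, marked[reverse ? m - 1 - k : k]);
    for (int i = 0; i < l.n; i++)
        left += strcmp(l.id[i], OWN_ID) == 0;
    return left;
}

/* Constructed sample: two fields carrying OWN_ID around one from another host. */
const char *const SAMPLE[] = { OWN_ID, "relay.example.net", OWN_ID };

int main(void)
{
    printf("ascending order leaves %d\n", own_id_left(SAMPLE, 3, 0));
    printf("reverse order leaves   %d\n", own_id_left(SAMPLE, 3, 1));
    return 0;
}
```

Deleting from the highest ordinal down keeps every ordinal still waiting to be deleted valid, because only fields after the deleted one are renumbered.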
