Source: opendmarc Version: 1.4.0~beta1+dfsg-3 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/opendmarc/tickets/235/ X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 1.3.2-6+deb10u1 Control: found -1 1.3.2-6
Hi, The following vulnerability was published for opendmarc, filling the bug for tracking purposes in the BTS. CVE-2019-20790[0]: | OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, | allows attacks that bypass SPF and DMARC authentication in situations | where the HELO field is inconsistent with the MAIL FROM field. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-20790 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20790 [1] https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816 [2] https://sourceforge.net/p/opendmarc/tickets/235/ Regards, Salvatore
