Package: libmail-dkim-perl Version: 0.54-1 Severity: important Control: fixed -1 0.58-1 Control: forwarded -1 https://rt.cpan.org/Public/Bug/Display.html?id=130713
Hi,There's a bug that has been reported upstream at https://rt.cpan.org/Public/Bug/Display.html?id=130713 and affects the package version currently in Buster. The bug has been fixed upstream in 0.58, so no Debian releases after Buster are affected.
The bug can be reproduced by running the attached test scripts on the attached email file on a buster system:
$ perl ./test.pl < broken.eml invalid (public key: does not support signing subdomains)Note that the test email includes an i= tag with partially capitalized spelling and that the domain's DKIM record specifies t=s:
$ dig +short default._domainkey.weltraumschlangen.de TXT "v=DKIM1;t=s;[...]I would like to fix this issue in an LTS update to Buster. Is it alright for you, the package maintainer, if I go ahead and prepare an LTS for Buster? Are there any other considerations you would like me to take into account?
Regards Sven
OpenPGP_signature
Description: OpenPGP digital signature
