Your message dated Sat, 25 Nov 2023 16:14:09 +0100
with message-id <[email protected]>
and subject line Re: Bug#1056285: RFS: opendkim/2.11.0~beta2-9 -- DomainKeys
Identified Mail (DKIM) signing and verifying milter
has caused the Debian Bug report #1056285,
regarding RFS: opendkim/2.11.0~beta2-9 -- DomainKeys Identified Mail (DKIM)
signing and verifying milter
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1056285: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056285
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "opendkim":
* Package name : opendkim
Version : 2.11.0~beta2-9
Upstream contact : The Trusted Domain Project
* URL : http://www.opendkim.org/
* License : BSD-3-clause and SOSL, ISC, GPL-3+ with AutoConf exception
* Vcs : https://salsa.debian.org/debian/opendkim
Section : mail
The source builds the following binary packages:
opendkim - DomainKeys Identified Mail (DKIM) signing and verifying milter
opendkim-tools - utilities for administering the OpenDKIM milter
libopendkim11 - DomainKeys Identified Mail (DKIM) library
libopendkim-dev - DomainKeys Identified Mail (DKIM) library (development files)
libvbr2 - Vouch By Reference (VBR) library
libvbr-dev - Vouch By Reference (VBR) library (development files)
librbl1 - Real-time Blacklist (RBL) query library
librbl-dev - Real-time Blacklist (RBL) query library (development files)
miltertest - utility for testing milter applications
To access further information about this package, please visit the following
URL:
https://mentors.debian.net/package/opendkim/
Alternatively, you can download the package with 'dget' using this command:
dget -x https://mentors.debian.net/debian/pool/main/o/opendkim/opendkim_2.11.0~beta2-9.dsc
Changes since the last upload:
opendkim (2.11.0~beta2-9) unstable; urgency=medium
.
[ David Bürgin ]
* debian/patches: Add missing upstream bug metadata, add new patches:
- rev-ares-deletion.patch: Delete Authentication-Results headers in
reverse, addresses CVE-2022-48521 (Closes: #1041107).
- ares-missing-space.patch: Add missing space in Auth-Results header.
* Replace transitional libldap2-dev with libldap-dev in Build-Depends.
* Remove obsolete lsb-base dependency in opendkim package.
* Delete obsolete entries in debian/opendkim.NEWS.
.
[ Samuel Thibault ]
* d/rules: Generalize hurd-i386 into hurd.
Thank you.
--
David
--- End Message ---
--- Begin Message ---
On Sat, Nov 25, 2023 at 03:57:37PM +0100, David Bürgin wrote:
> Control: tags -1 - moreinfo
>
> Hello Tobi,
>
> > A question to that: Can you elaborate a bit on the testing you have
> > done to verify that this patch indeed fixes the vulnerability?
> > (Asking, because unfortunately there is not a lot of information available
> > e.g. from the upstream issue and upstream seems to be generally very
> > silent…
>
> I developed the upstream patch, and so did do the necessary testing
> locally. You can simply prepare a crafted message containing some
> Authentication-Results headers and then see if the right ones get
> deleted.
Thanks for confirming! And thanks for fixing the issue!
> > Said that, if we have a high confidence in this patch, this fix should
> > also propagate to stable (via stable-proposed-updates) and oldstable.
> > I'm happy to sponsor such uploads.
>
> I don’t know if I will have the energy to do a stable update, though.
Ok, fair enough. I just wanted to avoid stealing your kudos ;-)
I'll take care of stable / oldstable then ;)
> > Except the information request, this package is ready to be sponsored,
> > and I will do so once the me-being-paranoid-question has been answered
> > ;-)
>
> Thank you for your interest!
Thanks for your contributions to Debian! (IOW uploaded)
> Ciao,
> David
--- End Message ---
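
An added illustration, not code from this thread or from OpenDKIM: a small C model of why rev-ares-deletion.patch deletes Authentication-Results headers in reverse, and of the local check David describes (feed in a message with several such headers and see which ones are left). It assumes headers are deleted by 1-based ordinal among same-named fields and that the remaining fields are renumbered after each deletion; the struct, the function names and the header values are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAXH 8
/* Constructed model: a message's Authentication-Results values, top to bottom. */
struct msg { const char *ar[MAXH]; int n; };

/* Assumption: delete the idx-th (1-based) field; later fields are renumbered. */
static void delete_nth(struct msg *m, int idx) {
    if (idx < 1 || idx > m->n) return;
    memmove(&m->ar[idx - 1], &m->ar[idx], (size_t)(m->n - idx) * sizeof m->ar[0]);
    m->n--;
}

static int is_own(const char *v, const char *id) {
    size_t len = strlen(id);
    return strncmp(v, id, len) == 0 && v[len] == ';';
}

/* Record ordinals of fields carrying our authserv-id, then delete them in
   ascending (reverse == 0) or descending (reverse == 1) order.
   Returns how many fields with our authserv-id are still present. */
static int strip_own(struct msg *m, const char *id, int reverse) {
    int hits[MAXH], nh = 0, left = 0;
    for (int i = 0; i < m->n; i++)
        if (is_own(m->ar[i], id)) hits[nh++] = i + 1;
    for (int k = 0; k < nh; k++)
        delete_nth(m, hits[reverse ? nh - 1 - k : k]);
    for (int i = 0; i < m->n; i++)
        left += is_own(m->ar[i], id);
    return left;
}

/* Constructed sample: two inbound fields claim our id, one is from another host. */
static struct msg sample(void) {
    struct msg m = { { "mx.example.net; dkim=pass header.d=a.example",
                       "mx.example.net; dkim=pass header.d=b.example",
                       "relay.example.org; spf=pass" }, 3 };
    return m;
}

int main(void) {
    struct msg fwd = sample(), rev = sample();
    int f = strip_own(&fwd, "mx.example.net", 0);
    int r = strip_own(&rev, "mx.example.net", 1);
    printf("ascending:  %d own left, kept: %s\n", f, fwd.ar[0]);
    printf("descending: %d own left, kept: %s\n", r, rev.ar[0]);
    return 0;
}
```

In this model the ascending pass leaves one field with the local authserv-id in place and removes the unrelated relay.example.org field, while the descending pass removes exactly the two recorded fields.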