Your message dated Tue, 22 Jun 2021 17:33:28 +0000
with message-id <[email protected]>
and subject line Bug#990001: fixed in opendmarc 1.4.0~beta1+dfsg-6
has caused the Debian Bug report #990001,
regarding opendmarc: CVE-2021-34555
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
990001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990001
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: opendmarc
Version: 1.4.0~beta1+dfsg-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/trusteddomainproject/OpenDMARC/issues/179
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,

The following vulnerability was published for opendmarc.

CVE-2021-34555[0]:
| OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial
| of service (NULL pointer dereference and application crash) via a
| multi-value From header field.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-34555
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34555
[1] https://github.com/trusteddomainproject/OpenDMARC/issues/179

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: opendmarc
Source-Version: 1.4.0~beta1+dfsg-6
Done: David Bürgin <[email protected]>
We believe that the bug you reported is fixed in the latest version of
opendmarc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Bürgin <[email protected]> (supplier of updated opendmarc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 18 Jun 2021 09:37:57 +0200
Source: opendmarc
Architecture: source
Version: 1.4.0~beta1+dfsg-6
Distribution: unstable
Urgency: high
Maintainer: Scott Kitterman <[email protected]>
Changed-By: David Bürgin <[email protected]>
Closes: 990001
Changes:
 opendmarc (1.4.0~beta1+dfsg-6) unstable; urgency=high
 .
   * Add patch for CVE-2021-34555 from upstream issue tracker:
     - Do not dereference NULL in multi-value From headers (Closes: #990001)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---