Source: opendkim
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for opendkim.

CVE-2022-48521[0]:
| An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x
| through 2.11.0-Beta2. It fails to keep track of ordinal numbers when
| removing fake Authentication-Results header fields, which allows a
| remote attacker to craft an e-mail message with a fake sender
| address such that programs that rely on Authentication-Results from
| OpenDKIM will treat the message as having a valid DKIM signature
| when in fact it has none.

https://github.com/trusteddomainproject/OpenDKIM/issues/148

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-48521
    https://www.cve.org/CVERecord?id=CVE-2022-48521

Please adjust the affected versions in the BTS as needed.
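
The ordinal bookkeeping that the CVE description refers to, as an added example (not OpenDKIM's code and not part of the original report): the counter advances for every Authentication-Results field, including those left in place, so each removal names the correct field. The `struct hdr` layout, the function names, the sample headers and the authserv-id matching rule are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct hdr { const char *name, *value; };

/* Constructed sample, top to bottom; mx.local.example is our own authserv-id. */
static const struct hdr sample[] = {
    { "Received", "from mx.other.example by mx.local.example" },
    { "Authentication-Results", "mx.other.example; dkim=pass header.d=other.example" },
    { "Authentication-Results", "mx.local.example; dkim=pass header.d=sender.example" },
    { "From", "user@sender.example" },
};

/* ASCII case-insensitive comparison of a[0..n) with the whole of b. */
static int ieq(const char *a, size_t n, const char *b)
{
    if (strlen(b) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Stores the 1-based ordinals (position among Authentication-Results fields)
 * of the fields whose authserv-id is `id`; returns how many were stored.
 * Assumption: the authserv-id is the first token of the field value. */
size_t ar_ordinals_to_remove(const struct hdr *h, size_t n, const char *id,
                             int *out, size_t max)
{
    size_t found = 0;
    int ordinal = 0;
    for (size_t i = 0; i < n; i++) {
        if (!ieq(h[i].name, strlen(h[i].name), "Authentication-Results"))
            continue;
        ordinal++; /* advance for every same-named field, kept or removed */
        const char *v = h[i].value + strspn(h[i].value, " \t");
        if (ieq(v, strcspn(v, "; \t"), id) && found < max)
            out[found++] = ordinal;
    }
    return found;
}

int main(void)
{
    int out[4];
    size_t k = ar_ordinals_to_remove(sample, 4, "mx.local.example", out, 4);
    for (size_t i = 0; i < k; i++)
        printf("remove Authentication-Results #%d\n", out[i]);
    return 0;
}
```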