Your message dated Thu, 25 Oct 2012 05:47:31 +0000 with message-id <e1trghz-0006ih...@franck.debian.org> and subject line Bug#691394: fixed in opendkim 2.6.8-1 has caused the Debian Bug report #691394, regarding opendkim: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 691394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691394 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: opendkim Version: 2.0.1+dfsg-1 Severity: grave Tags: security upstream Justification: user security hole See http://www.kb.cert.org/vuls/id/268267, VU#268267 opendkim in squeeze, wheezy, sid offers no method to prevent use of keys less than 1024 bits. This is added in the new upstream release, 2.6.8, that was released just for this issue.
--- End Message ---
--- Begin Message ---Source: opendkim Source-Version: 2.6.8-1 We believe that the bug you reported is fixed in the latest version of opendkim, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 691...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Scott Kitterman <sc...@kitterman.com> (supplier of updated opendkim package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 25 Oct 2012 01:04:27 -0400 Source: opendkim Binary: opendkim opendkim-tools libopendkim7 libopendkim-dev libvbr2 libvbr-dev Architecture: source i386 Version: 2.6.8-1 Distribution: experimental Urgency: low Maintainer: Mike Markley <m...@markley.org> Changed-By: Scott Kitterman <sc...@kitterman.com> Description: libopendkim-dev - Headers and development libraries for the OpenDKIM library libopendkim7 - Library for signing and verifying DomainKeys Identified Mail sign libvbr-dev - Headers and development libraries for the OpenDKIM VBR library libvbr2 - Library for RFC 5518 Vouch By Reference (VBR) opendkim - Milter implementation of DomainKeys Identified Mail opendkim-tools - Set of command line tools for OpenDKIM Closes: 691394 Changes: opendkim (2.6.8-1) experimental; urgency=low . * New upstream security release to add capability to exclude use of insecure keys (Closes: #691394, LP: #1071139) Checksums-Sha1: 794583903556c78846607cefc641ab9189a48d49 1397 opendkim_2.6.8-1.dsc c15cce7f254190567c4b96508a9d94f68ea806e8 1141247 opendkim_2.6.8.orig.tar.gz 00efa7109a185afee0845c8b11e51ab9eda5c87c 13100 opendkim_2.6.8-1.diff.gz f2ae7f1802b9f887133e55410d7778ef8ac6f35c 177920 opendkim_2.6.8-1_i386.deb d78e46bf01b05dcd6dce1a0932f8f74f74b2e5b7 167024 opendkim-tools_2.6.8-1_i386.deb 92efaabf58081b9629879f625e38a414a2de9fd9 86862 libopendkim7_2.6.8-1_i386.deb f91a70d0fcd56afedae063043f363a11a94e7ecd 175036 libopendkim-dev_2.6.8-1_i386.deb 355ba5a9ab2ad00740bef1ead0cbc10ee9387184 35256 libvbr2_2.6.8-1_i386.deb 35ad6c0097cfcf7cb76cfb37dcc9dbbe3050e31d 39022 libvbr-dev_2.6.8-1_i386.deb Checksums-Sha256: ab24aea2e141cdfbc17f7b3682c414f68d2a099a927268ffa2de328d25190bc8 1397 opendkim_2.6.8-1.dsc 1b2e9033842634a1dc891afa10a94ba58c0e7663670e2faf117b27bead541edc 1141247 opendkim_2.6.8.orig.tar.gz caeac4b57869a6b26fd81508994661b44f3cd2e66802ab9c8ac7012ed3f5d72a 13100 opendkim_2.6.8-1.diff.gz 7ad14c0191fa3674547d770c2c884ab761bddea633ecdf0e8e3d8e67bf5dfb2d 177920 opendkim_2.6.8-1_i386.deb 2181d2405333e534536525dac6cff5a6dfdfd5a8048a3ec362c07548ceeaf604 167024 opendkim-tools_2.6.8-1_i386.deb 56da135e9ae6441d079dfd05137290a5e8f163ed3c075422679e3241fa9c257d 86862 libopendkim7_2.6.8-1_i386.deb 569dc7061fbf433e5d856ed46bef593181a522912b35a54dea8f8a734e4f76f1 175036 libopendkim-dev_2.6.8-1_i386.deb 74f5766975d40c8e0283deda1f8636cc933102ddb3482b5efb4830cf5aee6b72 35256 libvbr2_2.6.8-1_i386.deb ebb4d8dc0db8a3f7748591d6c750affa299115cb0f90f3e01072d12dbbf58d8f 39022 libvbr-dev_2.6.8-1_i386.deb Files: dc7640424dd17f41e19ec0969fda169c 1397 mail extra opendkim_2.6.8-1.dsc b9f57c0635612f42c5f5173b3a23f097 1141247 mail extra opendkim_2.6.8.orig.tar.gz b91c138b7ba9569041d1a95b959f42e9 13100 mail extra opendkim_2.6.8-1.diff.gz b2c5e1afada71e51a6339ed5211d79fc 177920 mail extra opendkim_2.6.8-1_i386.deb b4fd7b5afdaa771ede9ad477051f9cce 167024 mail extra opendkim-tools_2.6.8-1_i386.deb f424605b189a55bfd792e833d9c5ae33 86862 libs extra libopendkim7_2.6.8-1_i386.deb 5569152258f43cab7c132564a9102b49 175036 libdevel extra libopendkim-dev_2.6.8-1_i386.deb f563b7fbd08a60dec0e1195d4848ce2f 35256 libs extra libvbr2_2.6.8-1_i386.deb 8080c1031fccf32e59583d3f28946f5c 39022 libdevel extra libvbr-dev_2.6.8-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEUEARECAAYFAlCI0QIACgkQHajaM93NaGqnaQCdHDccDvqOb53AP+oamkk1VXvt oS8AmI8wqEgP49KV5/+V7usZsS//1aE= =8Qdw -----END PGP SIGNATURE-----
--- End Message ---
