CVSROOT:        /cvs
Module name:    ports
Changes by:     st...@cvs.openbsd.org   2021/05/03 07:31:49

Modified files:
        mail/opendmarc : Makefile distinfo 
        mail/opendmarc/pkg: PLIST 
Removed files:
        mail/opendmarc/patches: patch-opendmarc_opendmarc_c 

Log message:
update to opendmarc-1.4.1.1, looks fine to Renaud Allard (maintainer)

CVE-2019-20790 - OpenDMARC through 1.3.2 and 1.4.x, when used with
pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC
authentication in situations where the HELO field is inconsistent
with the MAIL FROM field.

CVE-2020-12272 - OpenDMARC through 1.3.2 and 1.4.x allows attacks
that inject authentication results to provide false information
about the domain that originated an e-mail message.  This is caused
by incorrect parsing and interpretation of SPF/DKIM authentication
results, as demonstrated by the "example.net(.example.com" substring.

CVE-2020-12460 - OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1
has improper null termination in the function opendmarc_xml_parse that
can result in a one-byte heap overflow in opendmarc_xml when parsing a
specially crafted DMARC aggregate report. This can cause remote memory
corruption when a '\0' byte overwrites the heap metadata of the next
chunk and its PREV_INUSE flag.
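
Added example, not part of the commit and not OpenDMARC's code or its actual fix: a strict syntax check a filter could apply to a domain taken from an SPF/DKIM result before using it for DMARC evaluation, so that a string such as the "example.net(.example.com" one quoted for CVE-2020-12272 is rejected instead of interpreted. The names is_ldh and domain_is_valid are hypothetical, and the rule assumed is plain letter-digit-hyphen host names with no trailing dot.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: ASCII letter, digit or hyphen only (no locale). */
static int is_ldh(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Hypothetical check: 1 if s is a well-formed host name, else 0.
 * Labels are 1-63 LDH bytes, do not start or end with '-', and the
 * whole name is 1-253 bytes. Anything else is refused outright. */
int domain_is_valid(const char *s)
{
    size_t label_len = 0, total;
    unsigned char prev = '.';

    if (s == NULL)
        return 0;
    total = strlen(s);
    if (total == 0 || total > 253)
        return 0;

    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;

        if (c == '.') {
            if (label_len == 0 || prev == '-')  /* empty label or "-." */
                return 0;
            label_len = 0;
        } else {
            if (!is_ldh(c))                     /* '(', ')', space, ... */
                return 0;
            if (label_len == 0 && c == '-')     /* label starts with '-' */
                return 0;
            if (++label_len > 63)
                return 0;
        }
        prev = c;
    }
    return label_len > 0 && prev != '-';        /* no trailing '.' or '-' */
}

int main(void)
{
    /* Sample inputs: the second is the substring quoted in the CVE text. */
    printf("%d\n", domain_is_valid("example.com"));
    printf("%d\n", domain_is_valid("example.net(.example.com"));
    return 0;
}
```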
