Bug#940081: opendmarc: signature bypass with multiple From addresses
Control: retitle -1 opendmarc: CVE-2019-16378: signature bypass with multiple From addresses CVE-2019-16378 was assigned for this issue. Regards, Salvatore
Bug#940081: opendmarc: signature bypass with multiple From addresses
On September 12, 2019 5:17:11 AM UTC, Salvatore Bonaccorso wrote: >Source: opendmarc >Version: 1.3.2-6 >Severity: important >Tags: security upstream >Forwarded: https://github.com/trusteddomainproject/OpenDMARC/pull/48 > >Hi > >See https://www.openwall.com/lists/oss-security/2019/09/11/8 and >https://github.com/trusteddomainproject/OpenDMARC/pull/48 >although there is no vetted/acked patch. > >Filling for tracking. I'm skeptical of the patch, but haven't had a chance to look at it in detail. Unfortunately upstream tends to be slow to react, so it's not clear we'll get a clear resolution quickly. Scott K
Bug#940081: opendmarc: signature bypass with multiple From addresses
Source: opendmarc Version: 1.3.2-6 Severity: important Tags: security upstream Forwarded: https://github.com/trusteddomainproject/OpenDMARC/pull/48 Hi See https://www.openwall.com/lists/oss-security/2019/09/11/8 and https://github.com/trusteddomainproject/OpenDMARC/pull/48 although there is no vetted/acked patch. Filling for tracking. Regards, Salvatore