[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
** Changed in: precise-backports Importance: Undecided => High ** Changed in: precise-backports Status: New => In Progress ** Changed in: precise-backports Assignee: (unassigned) => Scott Kitterman (kitterman) ** Changed in: lucid-backports Importance: Undecided => High ** Changed in: lucid-backports Status: New => In Progress ** Changed in: lucid-backports Assignee: (unassigned) => Scott Kitterman (kitterman) -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
** Description changed: See http://www.kb.cert.org/vuls/id/268267, VU#268267 opendkim in squeeze, wheezy, sid offers no method to prevent use of keys less than 1024 bits. This is added in the new upstream release, 2.6.8, that was released just for this issue. + + [IMPACT] + + * DKIM verifiers using opendkim will use insecure keys to produce valid + results. + + [TESTCASE] + + * The new functionality to limit key sizes is not easy to test, but is covered by +additions to the test suite. + + * In order to verify this package, it needs to be installed and tested that it +generally works as before. + + * Because of the specialized nature of this package, it's not possible to produce +a test case that just anyone can verify. + + [Regression Potential] + + * Regression potential is very small as the only code changes in this release are +the changes to resolve this issue. + + [Other Info] + + * Almost all of the diff is tool related noise. I've attached the non-noise part +of the diff to this bug for reference. I think it's lower risk to just update +to the new release to match what upstream is doing since there are no other +changes in this release. + + * The security team has reviewed this bug and said it should go via SRU and not in +-security since it causes a config file change. ** Changed in: opendkim (Ubuntu Quantal) Status: New => In Progress ** Changed in: opendkim (Ubuntu Quantal) Importance: Undecided => High ** Changed in: opendkim (Ubuntu Quantal) Assignee: (unassigned) => Scott Kitterman (kitterman) ** Changed in: opendkim (Ubuntu Quantal) Milestone: None => quantal-updates ** Attachment added: "Abbreviated diff" https://bugs.launchpad.net/ubuntu/+source/opendkim/+bug/1071139/+attachment/3415118/+files/patch2.6.7-2.6.8 ** Also affects: precise-backports Importance: Undecided Status: New ** Also affects: lucid-backports Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to Precise Backports. https://bugs.launchpad.net/bugs/1071139 Title: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/1071139/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 729955] Re: backport jamin from maverick to lucid
** Changed in: lucid-backports Assignee: Scott Lavender (slavender) => (unassigned) ** Changed in: lucid-backports Status: In Progress => Invalid -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to lucid-backports. https://bugs.launchpad.net/bugs/729955 Title: backport jamin from maverick to lucid To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/729955/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 729811] Re: backport musescore from maverick to lucid
** Changed in: lucid-backports Assignee: Scott Lavender (slavender) => (unassigned) ** Changed in: lucid-backports Status: In Progress => Invalid -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to lucid-backports. https://bugs.launchpad.net/bugs/729811 Title: backport musescore from maverick to lucid To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/729811/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 729898] Re: backport xsane from maverick to lucid
** Changed in: lucid-backports Assignee: Scott Lavender (slavender) => (unassigned) ** Changed in: lucid-backports Status: In Progress => Invalid -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to lucid-backports. https://bugs.launchpad.net/bugs/729898 Title: backport xsane from maverick to lucid To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/729898/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 730130] Re: backport fluid-sounfont from maverick to lucid
** Changed in: lucid-backports Assignee: Scott Lavender (slavender) => (unassigned) ** Changed in: lucid-backports Status: In Progress => Invalid -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to lucid-backports. https://bugs.launchpad.net/bugs/730130 Title: backport fluid-sounfont from maverick to lucid To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/730130/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 729926] Re: backport mcp-plugins from maverick to lucid
** Changed in: lucid-backports Assignee: Scott Lavender (slavender) => (unassigned) ** Changed in: lucid-backports Status: In Progress => Invalid -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to lucid-backports. https://bugs.launchpad.net/bugs/729926 Title: backport mcp-plugins from maverick to lucid To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/729926/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 729750] Re: backport qtractor from maverick to lucid
** Changed in: lucid-backports Assignee: Scott Lavender (slavender) => (unassigned) ** Changed in: lucid-backports Status: In Progress => Confirmed ** Changed in: lucid-backports Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to lucid-backports. https://bugs.launchpad.net/bugs/729750 Title: backport qtractor from maverick to lucid To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/729750/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports