** Description changed:

  See http://www.kb.cert.org/vuls/id/268267, VU#268267
  
  opendkim in squeeze, wheezy, sid offers no method to prevent use of keys
  less than 1024 bits.  This is added in the new upstream release, 2.6.8, that
  was released just for this issue.
+ 
+ [IMPACT]
+ 
+  * DKIM verifiers using opendkim will use insecure keys to produce valid
+ results.
+ 
+ [TESTCASE]
+ 
+  * The new functionality to limit key sizes is not easy to test, but is
+    covered by additions to the test suite.
+ 
+  * In order to verify this package, it needs to be installed and tested that
+    it generally works as before.
+ 
+  * Because of the specialized nature of this package, it's not possible to
+    produce a test case that just anyone can verify.
+ 
+ [Regression Potential]
+ 
+  * Regression potential is very small as the only code changes in this
+    release are the changes to resolve this issue.
+ 
+ [Other Info]
+ 
+  * Almost all of the diff is tool related noise.  I've attached the non-noise
+    part of the diff to this bug for reference.  I think it's lower risk to just
+    update to the new release to match what upstream is doing since there are no
+    other changes in this release.
+  
+  * The security team has reviewed this bug and said it should go via SRU and
+    not in -security since it causes a config file change.

** Changed in: opendkim (Ubuntu Quantal)
       Status: New => In Progress

** Changed in: opendkim (Ubuntu Quantal)
   Importance: Undecided => High

** Changed in: opendkim (Ubuntu Quantal)
     Assignee: (unassigned) => Scott Kitterman (kitterman)

** Changed in: opendkim (Ubuntu Quantal)
    Milestone: None => quantal-updates

** Attachment added: "Abbreviated diff"
   https://bugs.launchpad.net/ubuntu/+source/opendkim/+bug/1071139/+attachment/3415118/+files/patch2.6.7-2.6.8

** Also affects: precise-backports
   Importance: Undecided
       Status: New

** Also affects: lucid-backports
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Backporters, which is subscribed to Precise Backports.
https://bugs.launchpad.net/bugs/1071139

Title:
  DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey
  message trust
