** Description changed:
See http://www.kb.cert.org/vuls/id/268267, VU#268267
opendkim in squeeze, wheezy, sid offers no method to prevent use of keys
less than 1024 bits. This is added in the new upstream release, 2.6.8, that
was released just for this issue.
+
+ [IMPACT]
+
+ * DKIM verifiers using opendkim will use insecure keys to produce valid
+ results.
+
+ [TESTCASE]
+
+ * The new functionality to limit key sizes is not easy to test, but is
covered by
+ additions to the test suite.
+
+ * In order to verify this package, it needs to be installed and tested that
it
+ generally works as before.
+
+ * Because of the specialized nature of this package, it's not possible to
produce
+ a test case that just anyone can verify.
+
+ [Regression Potential]
+
+ * Regression potential is very small as the only code changes in this
release are
+ the changes to resolve this issue.
+
+ [Other Info]
+
+ * Almost all of the diff is tool related noise. I've attached the non-noise
part
+ of the diff to this bug for reference. I think it's lower risk to just
update
+ to the new release to match what upstream is doing since there are no
other
+ changes in this release.
+
+ * The security team has reviewed this bug and said it should go via SRU and
not in
+ -security since it causes a config file change.
** Changed in: opendkim (Ubuntu Quantal)
Status: New => In Progress
** Changed in: opendkim (Ubuntu Quantal)
Importance: Undecided => High
** Changed in: opendkim (Ubuntu Quantal)
Assignee: (unassigned) => Scott Kitterman (kitterman)
** Changed in: opendkim (Ubuntu Quantal)
Milestone: None => quantal-updates
** Attachment added: "Abbreviated diff"
https://bugs.launchpad.net/ubuntu/+source/opendkim/+bug/1071139/+attachment/3415118/+files/patch2.6.7-2.6.8
** Also affects: precise-backports
Importance: Undecided
Status: New
** Also affects: lucid-backports
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1071139
Title:
DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey
message trust
Status in Lucid Backports:
New
Status in Precise Backports:
In Progress
Status in “opendkim” package in Ubuntu:
Fix Committed
Status in “opendkim” source package in Lucid:
New
Status in “opendkim” source package in Natty:
New
Status in “opendkim” source package in Oneiric:
New
Status in “opendkim” source package in Precise:
New
Status in “opendkim” source package in Quantal:
In Progress
Status in “opendkim” source package in Raring:
Fix Committed
Status in “opendkim” package in Debian:
Fix Released
Bug description:
See http://www.kb.cert.org/vuls/id/268267, VU#268267
opendkim in squeeze, wheezy, sid offers no method to prevent use of keys
less than 1024 bits. This is added in the new upstream release, 2.6.8, that
was released just for this issue.
[IMPACT]
* DKIM verifiers using opendkim will use insecure keys to produce valid results.
[TESTCASE]
* The new functionality to limit key sizes is not easy to test, but is covered by additions to the test suite.
* In order to verify this package, it needs to be installed and tested that it generally works as before.
* Because of the specialized nature of this package, it's not possible to produce a test case that just anyone can verify.
[Regression Potential]
* Regression potential is very small as the only code changes in this release are the changes to resolve this issue.
[Other Info]
* Almost all of the diff is tool related noise. I've attached the non-noise part of the diff to this bug for reference. I think it's lower risk to just update to the new release to match what upstream is doing since there are no other changes in this release.
* The security team has reviewed this bug and said it should go via SRU and not in -security since it causes a config file change.
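Added example, not part of the bug report or of opendkim's code: a verifier-side check of the kind the description refers to, reading the RSA modulus size out of a DKIM key record and flagging keys under 1024 bits. All function names are hypothetical, and the sample records are constructed by `sample_record` with placeholder moduli, not usable keys.

```python
import base64

MIN_BITS = 1024  # threshold stated in the bug description

def _tlv(buf, pos=0):
    """Read one DER element at pos; return (value, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits(txt):
    """Modulus size in bits of the RSA key in a DKIM key record (TXT value)."""
    tags = {k.strip(): v.strip() for k, v in
            (t.split("=", 1) for t in txt.split(";") if "=" in t)}
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key record")
    if not tags.get("p"):
        raise ValueError("no key data (revoked or malformed record)")
    spki, _ = _tlv(base64.b64decode("".join(tags["p"].split())))
    _, pos = _tlv(spki)               # skip AlgorithmIdentifier
    bitstring, _ = _tlv(spki, pos)    # BIT STRING wrapping RSAPublicKey
    rsa_key, _ = _tlv(bitstring[1:])  # drop the unused-bits octet
    modulus, _ = _tlv(rsa_key)        # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def _der(tag, body):  # minimal DER encoder, used only to build the samples
    n = len(body)
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (ln if n < 0x80 else bytes([0x80 | len(ln)]) + ln) + body

def sample_record(bits):
    """Constructed record: valid structure, placeholder modulus (not a real key)."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 octet
    key = _der(0x30, _der(0x02, n) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def audit(records, min_bits=MIN_BITS):
    """Map each selector name to (bits, meets_minimum)."""
    sizes = {name: rsa_bits(txt) for name, txt in records.items()}
    return {name: (bits, bits >= min_bits) for name, bits in sizes.items()}

if __name__ == "__main__":
    recs = {f"sel{b}": sample_record(b) for b in (512, 768, 1024, 2048)}
    for name, (bits, ok) in audit(recs).items():
        print(name, bits, "ok" if ok else "REJECT: below minimum")
```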