
Bug#1056285: RFS: opendkim/2.11.0~beta2-9 -- DomainKeys Identified Mail (DKIM) signing and verifying milter



Control: owner -1 !
Control: tags -1 moreinfo

Hi David,

thanks for providing this update, especially for CVE-2022-48521.

A question on that: Can you elaborate a bit on the testing you have
done to verify that this patch indeed fixes the vulnerability?
(Asking, because unfortunately there is not a lot of information available,
e.g. from the upstream issue, and upstream seems to be generally very
silent…)

That said, if we have high confidence in this patch, this fix should
also propagate to stable (via stable-proposed-updates) and oldstable.
I'm happy to sponsor such uploads.

Except for the information request, this package is ready to be sponsored,
and I will do so once the me-being-paranoid-question has been answered
;-)

-- 
Cheers,
tobi


On Sun, Nov 19, 2023 at 09:30:22PM +0100, David Bürgin wrote:
> Package: sponsorship-requests
> Severity: normal
> 
> Dear mentors,
> 
> I am looking for a sponsor for my package "opendkim":
> 
>  * Package name     : opendkim
>    Version          : 2.11.0~beta2-9
>    Upstream contact : The Trusted Domain Project
>  * URL              : http://www.opendkim.org/
>  * License          : BSD-3-clause and SOSL, ISC, GPL-3+ with AutoConf exception
>  * Vcs              : https://salsa.debian.org/debian/opendkim
>    Section          : mail
> 
> The source builds the following binary packages:
> 
>   opendkim - DomainKeys Identified Mail (DKIM) signing and verifying milter
>   opendkim-tools - utilities for administering the OpenDKIM milter
>   libopendkim11 - DomainKeys Identified Mail (DKIM) library
>   libopendkim-dev - DomainKeys Identified Mail (DKIM) library (development files)
>   libvbr2 - Vouch By Reference (VBR) library
>   libvbr-dev - Vouch By Reference (VBR) library (development files)
>   librbl1 - Real-time Blacklist (RBL) query library
>   librbl-dev - Real-time Blacklist (RBL) query library (development files)
>   miltertest - utility for testing milter applications
> 
> To access further information about this package, please visit the following URL:
> 
>   https://mentors.debian.net/package/opendkim/
> 
> Alternatively, you can download the package with 'dget' using this command:
> 
>   dget -x https://mentors.debian.net/debian/pool/main/o/opendkim/opendkim_2.11.0~beta2-9.dsc
> 
> Changes since the last upload:
> 
>  opendkim (2.11.0~beta2-9) unstable; urgency=medium
>  .
>    [ David Bürgin ]
>    * debian/patches: Add missing upstream bug metadata, add new patches:
>      - rev-ares-deletion.patch: Delete Authentication-Results headers in
>        reverse, addresses CVE-2022-48521 (Closes: #1041107).
>      - ares-missing-space.patch: Add missing space in Auth-Results header.
>    * Replace transitional libldap2-dev with libldap-dev in Build-Depends.
>    * Remove obsolete lsb-base dependency in opendkim package.
>    * Delete obsolete entries in debian/opendkim.NEWS.
>  .
>    [ Samuel Thibault ]
>    * d/rules: Generalize hurd-i386 into hurd.
> 
> Thank you.
> 
> 
> -- 
> David
> 
