[SECURITY] [DLA 3546-1] opendmarc security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3546-1] opendmarc security update
From: "Chris Lamb" <lamby@debian.org>
Date: Mon, 28 Aug 2023 11:08:55 -0700
Message-id: <[🔎] 169324384389.314867.601707755474023252@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3546-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
August 28, 2023                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : opendmarc
Version        : 1.3.2-6+deb10u3
CVE ID         : CVE-2020-12272
Debian Bug     : 977767

It was discovered that there was an issue in the opendmarc DMARC
email filter system. A vulnerability allowed attackers to inject
authentication results to provide false information about the domain
that originated an email message. This was caused by incorrect
parsing and interpretation of SPF/DKIM authentication results.

For Debian 10 buster, this problem has been fixed in version
1.3.2-6+deb10u3.

We recommend that you upgrade your opendmarc packages.

For the detailed security status of opendmarc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opendmarc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmTs2b4ACgkQHpU+J9Qx
Hlg0EQ//U+VFUtBdfCNRXPhriFEu3Xw4qdKEOyEGT4lYBamMP5Gib9TEo/JrnE1J
5wbOr5T7ZCHVvY6TpEC7hmqrmaq3Yw7vSkt5yA5H6F8tCVoplS9/k5hyOk0tsjdL
QsNbUmlbGoCxo8uNz3/nnBcG90+kn2VbHyq4xV8U7oa3E08GopmHK0u//r3ssSQ9
z+ddUGifEFzzbnpemVmqCU24xIRcJOL1v3nMVRMc0bfmSZ2ew+uT/iaGsqNDTWN8
ZmcO/st0KBdq+w4vd9VDJVc18BHQk+CcVQ8SHVH4WqKJnCpM8jsZtnO5X+9Lilq2
J748WPllHW5JGhnk8PgvLW+aJ97cS9/5bB41IH0yMFvz/GGotPBNSK/4qJjh1Ni0
hojpqJbf52fXcgTB0j/J4Z5cGx64x7f89txJWGO9C6DeDGyHjcrT6/Glbmg7ZxD0
U3qV4nNt0+qON54j3G09DGinohmaQSITuJlK/nXhJNdw+8Cn/KCXJvaxNCTlxf3q
M0jCw1gsNO/WDAXW5/92d5MBJnnb8HpL4HkU/ullD4b8veABm9lPqHFUkgu56jwL
LhAG7helu/dNqqEGrIIR7/T+IJdAR6K5CV2OTawXbuX+goI/CA7u5DdvvlAAul+j
S/hY0FU3RGSjePJsMpyCAHl6nD3gp+syUwgYwxu6K8LQqgGCMD0=
=t8Vw
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3545-1] flask-security security update
Next by Date: [SECURITY] [DLA 3547-1] tryton-server security update
Previous by thread: [SECURITY] [DLA 3545-1] flask-security security update
Next by thread: [SECURITY] [DLA 3547-1] tryton-server security update
Index(es):
- Date
- Thread