UbuntuUpdates.org

Package "libopendmarc-dev"

Name: libopendmarc-dev

Description:

Headers and development libraries for the OpenDMARC library

Latest version: 1.3.2-3ubuntu0.2
Release: bionic (18.04)
Level: security
Repository: universe
Head package: opendmarc
Homepage: http://www.trusteddomain.org/opendmarc

Links


Download "libopendmarc-dev"


Other versions of "libopendmarc-dev" in Bionic

Repository Area Version
base universe 1.3.2-3
updates universe 1.3.2-3ubuntu0.2

Changelog

Version: 1.3.2-3ubuntu0.2 2023-09-11 12:06:57 UTC

  opendmarc (1.3.2-3ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: false authentication results
    - debian/patches/CVE-2020-12272.patch: check syntaxes of domain names
      passed to opendmarc_policy_store_spf() and
      opendmarc_policy_store_dkim().
    - CVE-2020-12272
  * SECURITY UPDATE: heap overflow
    - debian/patches/CVE-2020-12460.patch: ensure NULL-termination of the
      buffer is passed to opendmarc_xml() from opendmarc_xml_parse().
    - CVE-2020-12460

 -- Allen Huang <email address hidden> Thu, 07 Sep 2023 14:33:58 +0100

Source diff to previous version
CVE-2020-12272 OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an
CVE-2020-12460 OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte

Version: 1.3.2-3ubuntu0.1 2020-10-01 21:06:16 UTC

  opendmarc (1.3.2-3ubuntu0.1) bionic-security; urgency=medium

  * Merge patches from Debian.
  * SECURITY UPDATE: Signature-bypass vulnerability
    - debian/patches/pull48.patch: Correct multi-from processing so wrong
      DMARC pass is avoided.
    - CVE-2019-16378
  * SECURITY UPDATE: Other fixes
    - debian/patches/ticket137.patch: Handle base64 inside AR tokens that are
      values.
    - debian/patches/ticket146.patch: Reads from the named file instead of
      from standard input (the default).
    - debian/patches/ticket204.patch: Use lc to get value.
    - debian/patches/ticket207.patch: Fix SQL query.
    - debian/patches/ticket208.patch: Add IgnoreMailTo.
    - debian/patches/ticket212.patch: Shutdown if fp is NULL.
    - debian/patches/ticket227.patch: Fix policy check condition.

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 01 Oct 2020 12:51:30 +0000

CVE-2019-16378 OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect



About   -   Send Feedback to @ubuntu_updates