UbuntuUpdates.org

Package "opendmarc"

Name: opendmarc

Description: Milter implementation of DMARC

Latest version: 1.3.2-3ubuntu0.2
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: http://www.trusteddomain.org/opendmarc

Other versions of "opendmarc" in Bionic

Repository  Area      Version
base        universe  1.3.2-3
updates     universe  1.3.2-3ubuntu0.2

Changelog

Version: 1.3.2-3ubuntu0.2 2023-09-11 12:06:57 UTC

  opendmarc (1.3.2-3ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: false authentication results
    - debian/patches/CVE-2020-12272.patch: check syntaxes of domain names
      passed to opendmarc_policy_store_spf() and
      opendmarc_policy_store_dkim().
    - CVE-2020-12272
  * SECURITY UPDATE: heap overflow
    - debian/patches/CVE-2020-12460.patch: ensure NULL-termination of the
      buffer is passed to opendmarc_xml() from opendmarc_xml_parse().
    - CVE-2020-12460

 -- Allen Huang <email address hidden> Thu, 07 Sep 2023 14:33:58 +0100

CVE-2020-12272 OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an
CVE-2020-12460 OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte

Version: 1.3.2-3ubuntu0.1 2020-10-01 21:06:16 UTC

  opendmarc (1.3.2-3ubuntu0.1) bionic-security; urgency=medium

  * Merge patches from Debian.
  * SECURITY UPDATE: Signature-bypass vulnerability
    - debian/patches/pull48.patch: Correct multi-from processing so wrong
      DMARC pass is avoided.
    - CVE-2019-16378
  * SECURITY UPDATE: Other fixes
    - debian/patches/ticket137.patch: Handle base64 inside AR tokens that are
      values.
    - debian/patches/ticket146.patch: Reads from the named file instead of
      from standard input (the default).
    - debian/patches/ticket204.patch: Use lc to get value.
    - debian/patches/ticket207.patch: Fix SQL query.
    - debian/patches/ticket208.patch: Add IgnoreMailTo.
    - debian/patches/ticket212.patch: Shutdown if fp is NULL.
    - debian/patches/ticket227.patch: Fix policy check condition.

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 01 Oct 2020 12:51:30 +0000

CVE-2019-16378 OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect


