UbuntuUpdates.org

Package "opendmarc"

Name: opendmarc

Description:

Milter implementation of DMARC

Latest version: 1.3.2-7ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Homepage: http://www.trusteddomain.org/opendmarc

Links


Download "opendmarc"


Other versions of "opendmarc" in Focal

Repository Area Version
base universe 1.3.2-7
updates universe 1.3.2-7ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.3.2-7ubuntu0.1 2023-09-11 12:06:59 UTC

  opendmarc (1.3.2-7ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: false authentication results
    - debian/patches/CVE-2020-12272.patch: check syntaxes of domain names
      passed to opendmarc_policy_store_spf() and
      opendmarc_policy_store_dkim().
    - CVE-2020-12272
  * SECURITY UPDATE: heap overflow
    - debian/patches/CVE-2020-12460.patch: ensure NULL-termination of the
      buffer is passed to opendmarc_xml() from opendmarc_xml_parse().
    - CVE-2020-12460

 -- Allen Huang <email address hidden> Fri, 08 Sep 2023 10:20:49 +0100

CVE-2020-12272 OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an
CVE-2020-12460 OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte



About   -   Send Feedback to @ubuntu_updates