Debian Package Tracker
Register | Log in
Subscribe

opendmarc

Milter implementation of DMARC

Choose email to subscribe with

general
  • source: opendmarc (main)
  • version: 1.4.0~beta1+dfsg-3
  • maintainer: Scott Kitterman (DMD)
  • uploaders: David Bürgin [DMD]
  • arch: any
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 1.3.2-2+deb9u2
  • old-sec: 1.3.2-2+deb9u2
  • stable: 1.3.2-6+deb10u1
  • stable-sec: 1.3.2-6+deb10u1
  • testing: 1.4.0~beta1+dfsg-3
  • unstable: 1.4.0~beta1+dfsg-3
versioned links
  • 1.3.2-2+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.3.2-6+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.4.0~beta1+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libopendmarc-dev
  • libopendmarc2
  • opendmarc (3 bugs: 0, 3, 0, 0)
action needed
A new upstream version is available: 1.4.0 high
A new upstream version 1.4.0 is available, you should consider packaging it.
Created: 2021-01-29 Last update: 2021-04-16 15:07
2 security issues in stretch high

There are 2 open security issues in stretch.

2 important issues:
  • CVE-2020-12272: OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
  • CVE-2020-12460: OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.
Created: 2021-02-19 Last update: 2021-04-12 18:00
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2020-12272: OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
Created: 2021-02-19 Last update: 2021-04-12 18:00
2 security issues in buster high

There are 2 open security issues in buster.

1 important issue:
  • CVE-2020-12272: OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
1 issue left for the package maintainer to handle:
  • CVE-2020-12460: (needs triaging) OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-02-19 Last update: 2021-04-12 18:00
1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:
  • CVE-2020-12272: OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
Created: 2021-02-19 Last update: 2021-04-12 18:00
1 bug tagged help in the BTS normal
The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.
Created: 2020-04-13 Last update: 2021-04-16 16:32
Depends on packages which need a new maintainer normal
The packages that opendmarc depends on which need a new maintainer are:
  • dh-exec (#851746)
    • Build-Depends: dh-exec
  • libopendbx (#916331)
    • Recommends: libopendbx1 libopendbx1-mysql
  • sendmail (#740070)
    • Build-Depends: libmilter-dev
    • Depends: libmilter1.0.1
Created: 2019-11-22 Last update: 2021-04-16 13:36
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2020-11-17 05:41
news
[rss feed]
  • [2020-09-21] opendmarc 1.4.0~beta1+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2020-09-19] Accepted opendmarc 1.4.0~beta1+dfsg-3 (source) into unstable (David Bürgin) (signed by: Bart Martens)
  • [2020-06-26] opendmarc 1.4.0~beta1+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2020-06-21] Accepted opendmarc 1.4.0~beta1+dfsg-2 (source) into unstable (David Bürgin) (signed by: Bart Martens)
  • [2020-04-04] opendmarc 1.4.0~beta1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-03-29] Accepted opendmarc 1.4.0~beta1+dfsg-1 (source) into unstable (David Bürgin) (signed by: Adam Borowski)
  • [2019-09-21] Accepted opendmarc 1.3.2-2+deb9u2 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2019-09-21] Accepted opendmarc 1.3.2-6+deb10u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2019-09-19] Accepted opendmarc 1.3.2-2+deb9u2 (source amd64 all) into oldstable->embargoed, oldstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2019-09-19] Accepted opendmarc 1.3.2-6+deb10u1 (source amd64) into stable->embargoed, stable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2019-09-19] opendmarc 1.3.2-7 MIGRATED to testing (Debian testing watch)
  • [2019-09-16] Accepted opendmarc 1.3.2-7 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2019-01-24] opendmarc 1.3.2-6 MIGRATED to testing (Debian testing watch)
  • [2019-01-19] Accepted opendmarc 1.3.2-6 (source amd64) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2018-12-22] opendmarc 1.3.2-5 MIGRATED to testing (Debian testing watch)
  • [2018-12-17] Accepted opendmarc 1.3.2-5 (source amd64) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2018-03-17] opendmarc 1.3.2-4 MIGRATED to testing (Debian testing watch)
  • [2018-03-13] Accepted opendmarc 1.3.2-2+deb9u1~bpo8+1 (source amd64 all) into jessie-backports->backports-policy, jessie-backports (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2018-03-11] Accepted opendmarc 1.3.2-4 (source amd64) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2018-02-25] Accepted opendmarc 1.3.2-2+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2017-12-17] opendmarc 1.3.2-3 MIGRATED to testing (Debian testing watch)
  • [2017-12-11] Accepted opendmarc 1.3.2-3 (source amd64 all) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2017-08-26] opendmarc 1.3.2-2 MIGRATED to testing (Debian testing watch)
  • [2017-08-25] opendmarc REMOVED from testing (Debian testing watch)
  • [2017-06-24] Accepted opendmarc 1.3.2-2~bpo8+1 (source amd64 all) into jessie-backports->backports-policy, jessie-backports (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2017-05-28] opendmarc 1.3.2-2 MIGRATED to testing (Debian testing watch)
  • [2017-05-22] Accepted opendmarc 1.3.2-2 (source amd64 all) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2017-03-20] opendmarc 1.3.2-1 MIGRATED to testing (Debian testing watch)
  • [2017-03-14] Accepted opendmarc 1.3.2-1 (source amd64 all) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2017-01-18] opendmarc 1.3.2~Beta1-2 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 6
  • RC: 0
  • I&N: 6
  • M&W: 0
  • F&P: 0
  • patch: 0
  • help: 1
links
  • homepage
  • lintian
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • l10n (100, -)
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.4.0~beta1+dfsg-3

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing