Debian Package Tracker

general

source: opendmarc (main)
version: 1.4.0~beta1+dfsg-2
maintainer: Scott Kitterman (DMD)
uploaders: David Bürgin [DMD]
arch: any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.3.0+dfsg-1
oldstable: 1.3.2-2+deb9u2
old-sec: 1.3.2-2+deb9u2
stable: 1.3.2-6+deb10u1
stable-sec: 1.3.2-6+deb10u1
testing: 1.4.0~beta1+dfsg-2
unstable: 1.4.0~beta1+dfsg-2

versioned links

1.3.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.2-2+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.2-6+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.0~beta1+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libopendmarc-dev
libopendmarc2
opendmarc (4 bugs: 0, 4, 0, 0)

action needed

3 security issues in stretch high

There are 3 open security issues in stretch.

3 important issues:

CVE-2019-20790: OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
CVE-2020-12272: OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
CVE-2020-12460: OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.

Please fix them.

Created: 2020-04-29 Last update: 2020-08-07 06:08

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2019-20790: OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
CVE-2020-12272: OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
CVE-2020-12460: OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.

Please fix them.

Created: 2020-04-29 Last update: 2020-08-07 06:08

3 security issues in buster high

There are 3 open security issues in buster.

3 important issues:

CVE-2019-20790: OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
CVE-2020-12272: OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
CVE-2020-12460: OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.

Please fix them.

Created: 2020-04-29 Last update: 2020-08-07 06:08

3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:

CVE-2019-20790: OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
CVE-2020-12272: OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
CVE-2020-12460: OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.

Please fix them.

Created: 2020-04-29 Last update: 2020-08-07 06:08

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2020-04-13 Last update: 2020-08-12 06:03

Depends on packages which need a new maintainer normal

The packages that opendmarc depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec
libopendbx (#916331)
- Recommends: libopendbx1 libopendbx1-mysql
sendmail (#740070)
- Build-Depends: libmilter-dev
- Depends: libmilter1.0.1

Created: 2019-11-22 Last update: 2020-08-12 05:30

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.4.0~beta1+dfsg-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 2deaf8e33c4329ef68b5799db9eac7ff2920ccda
Author: David Bürgin <dbuergin@gluet.ch>
Date:   Sat Jul 25 15:57:49 2020 +0200

    Typo

commit b5653ac0eda059ef486af05851df1f3abdb9c1d0
Author: David Bürgin <dbuergin@gluet.ch>
Date:   Fri Jul 24 17:30:34 2020 +0200

    d/patches: Add missing DEP-3 headers

commit 2e08b7af5050e7d3d990be1875dfc9fd25d14d07
Author: David Bürgin <dbuergin@gluet.ch>
Date:   Thu Jul 23 15:55:12 2020 +0200

    opendmarc.postinst: Shut down debconf with db_stop

Created: 2020-07-23 Last update: 2020-08-10 06:03

news

[rss feed]

[2020-06-26] opendmarc 1.4.0~beta1+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-06-21] Accepted opendmarc 1.4.0~beta1+dfsg-2 (source) into unstable (David Bürgin) (signed by: Bart Martens)
[2020-04-04] opendmarc 1.4.0~beta1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-03-29] Accepted opendmarc 1.4.0~beta1+dfsg-1 (source) into unstable (David Bürgin) (signed by: Adam Borowski)
[2019-09-21] Accepted opendmarc 1.3.2-2+deb9u2 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2019-09-21] Accepted opendmarc 1.3.2-6+deb10u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2019-09-19] Accepted opendmarc 1.3.2-2+deb9u2 (source amd64 all) into oldstable->embargoed, oldstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2019-09-19] Accepted opendmarc 1.3.2-6+deb10u1 (source amd64) into stable->embargoed, stable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2019-09-19] opendmarc 1.3.2-7 MIGRATED to testing (Debian testing watch)
[2019-09-16] Accepted opendmarc 1.3.2-7 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2019-01-24] opendmarc 1.3.2-6 MIGRATED to testing (Debian testing watch)
[2019-01-19] Accepted opendmarc 1.3.2-6 (source amd64) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2018-12-22] opendmarc 1.3.2-5 MIGRATED to testing (Debian testing watch)
[2018-12-17] Accepted opendmarc 1.3.2-5 (source amd64) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2018-03-17] opendmarc 1.3.2-4 MIGRATED to testing (Debian testing watch)
[2018-03-13] Accepted opendmarc 1.3.2-2+deb9u1~bpo8+1 (source amd64 all) into jessie-backports->backports-policy, jessie-backports (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2018-03-11] Accepted opendmarc 1.3.2-4 (source amd64) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2018-02-25] Accepted opendmarc 1.3.2-2+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2017-12-17] opendmarc 1.3.2-3 MIGRATED to testing (Debian testing watch)
[2017-12-11] Accepted opendmarc 1.3.2-3 (source amd64 all) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2017-08-26] opendmarc 1.3.2-2 MIGRATED to testing (Debian testing watch)
[2017-08-25] opendmarc REMOVED from testing (Debian testing watch)
[2017-06-24] Accepted opendmarc 1.3.2-2~bpo8+1 (source amd64 all) into jessie-backports->backports-policy, jessie-backports (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2017-05-28] opendmarc 1.3.2-2 MIGRATED to testing (Debian testing watch)
[2017-05-22] Accepted opendmarc 1.3.2-2 (source amd64 all) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2017-03-20] opendmarc 1.3.2-1 MIGRATED to testing (Debian testing watch)
[2017-03-14] Accepted opendmarc 1.3.2-1 (source amd64 all) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2017-01-18] opendmarc 1.3.2~Beta1-2 MIGRATED to testing (Debian testing watch)
[2017-01-07] Accepted opendmarc 1.3.2~Beta1-2 (source amd64 all) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2017-01-07] Accepted opendmarc 1.3.2~Beta1-1 (source amd64 all) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)

bugs [bug history graph]

all: 7
RC: 0
I&N: 6
M&W: 0
F&P: 1
patch: 0
help: 1

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots
l10n (100, -)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4.0~beta1+dfsg-2