ubuntu-mail-server team mailing list archive

Thread
Date

[Bug 1071139] Re: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust

To: ubuntu-mail-server@xxxxxxxxxxxxxxxxxxx
From: Seth Arnold <1071139@xxxxxxxxxxxxxxxxxx>
Date: Thu, 25 Oct 2012 17:45:38 -0000
Reply-to: Bug 1071139 <1071139@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Since opendkim is in universe, it is community maintained. If you are
able, please post a debdiff for this issue.

When a debdiff is available, members of the security team will review it
and publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Mail Server, which is subscribed to opendkim in Ubuntu.
https://bugs.launchpad.net/bugs/1071139

Title:
  DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey
  message trust

Status in “opendkim” package in Ubuntu:
  Fix Committed
Status in “opendkim” source package in Lucid:
  New
Status in “opendkim” source package in Natty:
  New
Status in “opendkim” source package in Oneiric:
  New
Status in “opendkim” source package in Precise:
  New
Status in “opendkim” source package in Quantal:
  New
Status in “opendkim” source package in Raring:
  Fix Committed
Status in “opendkim” package in Debian:
  Confirmed

Bug description:
  See http://www.kb.cert.org/vuls/id/268267, VU#268267

  opendkim in squeeze, wheezy, sid offers no method to prevent use of keys
  less than 1024 bits.  This is added in the new upstream release, 2.6.8, that
  was released just for this issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/opendkim/+bug/1071139/+subscriptions

References

[Bug 1071139] [NEW] DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
From: Scott Kitterman, 2012-10-25