On Sunday 01 March 2009, Steffen Joeris wrote:
> dkim-milter is prone to a DoS attack via crafted or revoked
> public key record in DNS.
...
> http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
>
> http://www.debian.org/security/2009/dsa-1728

good to know it's fixed already

*dkim-milter-2.8.1 (17 Jan 2009)

  17 Jan 2009; Daniel Black <dragonheart@gentoo.org>
  -files/dkim-milter-2.7.0-gentoo.patch,
  -files/dkim-milter-2.7.2-gentoo.patch, -dkim-milter-2.7.0.ebuild,
  -dkim-milter-2.7.2.ebuild, -dkim-milter-2.8.0.ebuild,
  +dkim-milter-2.8.1.ebuild:
  version bump that fixes security vulnerability (dkim validation weakness -
  see release notes). old vulnerable versions removed

CVE-2009-0770 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0770): dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a denial of service (crash) by signing a message with a key that has been revoked in DNS, which triggers an assertion error.