CVE-2021-34555: OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. Patches here but unreviewed by upstream: https://github.com/trusteddomainproject/OpenDMARC/pull/178
Patches apparently in Debian, so I guess they think they're solid.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5cdf10e604f2bfdd5663aa2e23c55dce8cf44321

commit 5cdf10e604f2bfdd5663aa2e23c55dce8cf44321
Author:     Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2021-08-08 06:54:58 +0000
Commit:     Fabian Groffen <grobian@gentoo.org>
CommitDate: 2021-08-08 06:55:11 +0000

    mail-filter/opendmarc-1.4.1.1-r2: bump for CVE-2021-34555

    Bug: https://bugs.gentoo.org/797214
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Fabian Groffen <grobian@gentoo.org>

 .../files/opendmarc-1.4.1.1-CVE-2021-34555.patch  | 87 ++++++++++++++++++++++
 mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild | 70 +++++++++++++++++
 2 files changed, 157 insertions(+)
Please CC-ARCHES when ready, thanks!
1.4.1.1-r2 should be ready
ppc stable
ppc64 stable
sparc stable
arm done
amd64 stable
x86 done

all arches done
Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5769b6d90d1f8604045d5e5577dfc3360aa51ec

commit c5769b6d90d1f8604045d5e5577dfc3360aa51ec
Author:     Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2021-08-20 06:25:19 +0000
Commit:     Fabian Groffen <grobian@gentoo.org>
CommitDate: 2021-08-20 06:25:37 +0000

    mail-filter/opendmarc: security cleanup

    Bug: https://bugs.gentoo.org/797214
    Signed-off-by: Fabian Groffen <grobian@gentoo.org>

 mail-filter/opendmarc/opendmarc-1.3.3.ebuild      | 78 -----------------------
 mail-filter/opendmarc/opendmarc-1.4.1.1-r1.ebuild | 66 -------------------
 2 files changed, 144 deletions(-)