Bug 240505

Summary: mail/opendmarc: fix multiple addresses in From vulnerability
Product: Ports & Packages
Reporter: Kurt Jaeger <pi>
Component: Individual Port(s)
Assignee: Kurt Jaeger <pi>
Status: Closed FIXED
Severity: Affects Many People
CC: delphij, freebsd, joneum, koobs, philip, pi, ports-secteam
Priority: Normal
Keywords: security
Version: Latest
Flags: koobs: merge-quarterly+
Hardware: Any
OS: Any
See Also: https://github.com/trusteddomainproject/OpenDMARC/pull/48
          https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260594
Attachments: patch (flags: none)

Comment 1 Kurt Jaeger freebsd_committer freebsd_triage 2019-09-11 15:53:16 UTC
Test builds are fine.
Comment 2 Xin LI freebsd_committer freebsd_triage 2019-09-15 05:09:15 UTC
Please go ahead with the change with ports-secteam@ blessing.
Comment 3 commit-hook freebsd_committer freebsd_triage 2019-09-15 09:51:35 UTC
A commit references this bug:

Author: pi
Date: Sun Sep 15 09:51:21 UTC 2019
New revision: 512093
URL: https://svnweb.freebsd.org/changeset/ports/512093

Log:
  mail/opendmarc: fix multiple addresses in From vulnerability

  - please note that it might only be a partial fix, see
    https://github.com/trusteddomainproject/OpenDMARC/pull/48#issuecomment-530375590

  PR:		240505
  Reported by:	protonmail
  Approved by:	ports-secteam (delphij)
  Obtained from:	https://github.com/trusteddomainproject/OpenDMARC/pull/48
  MFH:		2019Q3
  Security:	https://protonmail.com/blog/bellingcat-cyberattack-phishing/

Changes:
  head/mail/opendmarc/Makefile
  head/mail/opendmarc/files/patch-libopendmarc_tests_test__finddomain.c
  head/mail/opendmarc/files/patch-opendmarc_opendmarc.c
Comment 4 commit-hook freebsd_committer freebsd_triage 2019-09-15 09:57:37 UTC
A commit references this bug:

Author: pi
Date: Sun Sep 15 09:57:34 UTC 2019
New revision: 512094
URL: https://svnweb.freebsd.org/changeset/ports/512094

Log:
  MFH: r512093

  mail/opendmarc: fix multiple addresses in From vulnerability

  - please note that it might only be a partial fix, see
    https://github.com/trusteddomainproject/OpenDMARC/pull/48#issuecomment-530375590

  PR:		240505
  Reported by:	protonmail
  Approved by:	ports-secteam (delphij)
  Obtained from:	https://github.com/trusteddomainproject/OpenDMARC/pull/48
  Security:	https://protonmail.com/blog/bellingcat-cyberattack-phishing/

Changes:
_U  branches/2019Q3/
  branches/2019Q3/mail/opendmarc/Makefile
  branches/2019Q3/mail/opendmarc/files/patch-libopendmarc_tests_test__finddomain.c
  branches/2019Q3/mail/opendmarc/files/patch-opendmarc_opendmarc.c
Comment 5 Kurt Jaeger freebsd_committer freebsd_triage 2020-07-14 10:07:41 UTC
Probably needs a VuXML entry?
Comment 6 Jochen Neumeister freebsd_committer freebsd_triage 2020-07-24 08:50:47 UTC
(In reply to Kurt Jaeger from comment #5)

Yes, please. This is a CVE Security Update.
Comment 7 Dan Mahoney 2021-12-21 20:24:46 UTC
Feel free to assign this to me, and resolve, once 260594 is merged.
Comment 8 Kubilay Kocak freebsd_committer freebsd_triage 2021-12-25 10:42:09 UTC
@Kurt Did this port update ever get a VuXML entry?
Comment 9 Kubilay Kocak freebsd_committer freebsd_triage 2021-12-25 10:52:40 UTC
See bug 260594 comment 4
Comment 10 commit-hook freebsd_committer freebsd_triage 2021-12-30 03:26:28 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=af45137ac99e6fa40aaba0cfdca4f3c9ced89eb5

commit af45137ac99e6fa40aaba0cfdca4f3c9ced89eb5
Author:     Dan Mahoney <freebsd@gushi.org>
AuthorDate: 2021-12-29 04:41:37 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2021-12-30 03:23:33 +0000

    security/vuxml: OpenDMARC 1.3.2 vulnerabilities

    PR:             240505

 security/vuxml/vuln-2021.xml | 47 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)