Bug 240505 - mail/opendmarc: fix multiple addresses in From vulnerability
Summary: mail/opendmarc: fix multiple addresses in From vulnerability
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Kurt Jaeger
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2019-09-11 12:40 UTC by Kurt Jaeger
Modified: 2021-12-30 03:28 UTC (History)
7 users (show)

See Also:
koobs: merge-quarterly+


Attachments
patch (2.40 KB, patch)
2019-09-11 12:40 UTC, Kurt Jaeger
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Kurt Jaeger freebsd_committer freebsd_triage 2019-09-11 15:53:16 UTC
testbuilds are fine
Comment 2 Xin LI freebsd_committer freebsd_triage 2019-09-15 05:09:15 UTC
Please go ahead with the change with ports-secteam@ blessing.
Comment 3 commit-hook freebsd_committer freebsd_triage 2019-09-15 09:51:35 UTC
A commit references this bug:

Author: pi
Date: Sun Sep 15 09:51:21 UTC 2019
New revision: 512093
URL: https://svnweb.freebsd.org/changeset/ports/512093

Log:
  mail/opendmarc: fix multiple addresses in From vulnerability

  - please note that it might only be a partial fix, see
    https://github.com/trusteddomainproject/OpenDMARC/pull/48#issuecomment-530375590

  PR:		240505
  Reported by:	protonmail
  Approved by:	ports-secteam (delphij)
  Obtained from:	https://github.com/trusteddomainproject/OpenDMARC/pull/48
  MFH:		2019Q3
  Security:	https://protonmail.com/blog/bellingcat-cyberattack-phishing/

Changes:
  head/mail/opendmarc/Makefile
  head/mail/opendmarc/files/patch-libopendmarc_tests_test__finddomain.c
  head/mail/opendmarc/files/patch-opendmarc_opendmarc.c
Comment 4 commit-hook freebsd_committer freebsd_triage 2019-09-15 09:57:37 UTC
A commit references this bug:

Author: pi
Date: Sun Sep 15 09:57:34 UTC 2019
New revision: 512094
URL: https://svnweb.freebsd.org/changeset/ports/512094

Log:
  MFH: r512093

  mail/opendmarc: fix multiple addresses in From vulnerability

  - please note that it might only be a partial fix, see
    https://github.com/trusteddomainproject/OpenDMARC/pull/48#issuecomment-530375590

  PR:		240505
  Reported by:	protonmail
  Approved by:	ports-secteam (delphij)
  Obtained from:	https://github.com/trusteddomainproject/OpenDMARC/pull/48
  Security:	https://protonmail.com/blog/bellingcat-cyberattack-phishing/

Changes:
_U  branches/2019Q3/
  branches/2019Q3/mail/opendmarc/Makefile
  branches/2019Q3/mail/opendmarc/files/patch-libopendmarc_tests_test__finddomain.c
  branches/2019Q3/mail/opendmarc/files/patch-opendmarc_opendmarc.c
Comment 5 Kurt Jaeger freebsd_committer freebsd_triage 2020-07-14 10:07:41 UTC
probably needs vuxml entry ?
Comment 6 Jochen Neumeister freebsd_committer freebsd_triage 2020-07-24 08:50:47 UTC
(In reply to Kurt Jaeger from comment #5)

Yes, please. This is a CVE Security Update.
Comment 7 Dan Mahoney 2021-12-21 20:24:46 UTC
Feel free to assign this to me, and resolve, once 260594 is merged.
Comment 8 Kubilay Kocak freebsd_committer freebsd_triage 2021-12-25 10:42:09 UTC
@Kurt Did this port update ever get a VuXMl entry?
Comment 9 Kubilay Kocak freebsd_committer freebsd_triage 2021-12-25 10:52:40 UTC
See bug 260594 comment 4
Comment 10 commit-hook freebsd_committer freebsd_triage 2021-12-30 03:26:28 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=af45137ac99e6fa40aaba0cfdca4f3c9ced89eb5

commit af45137ac99e6fa40aaba0cfdca4f3c9ced89eb5
Author:     Dan Mahoney <freebsd@gushi.org>
AuthorDate: 2021-12-29 04:41:37 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2021-12-30 03:23:33 +0000

    security/vuxml: OpenDMARC 1.3.2 vulnerabilities

    PR:             240505

 security/vuxml/vuln-2021.xml | 47 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)