| Package | opendmarc |
|---|---|
| Version | 1.3.2+ds-0+deb9u1 (stretch) |
| Related CVEs | CVE-2019-20790 CVE-2020-12272 |
CVE-2019-20790
OpenDMARC when used with pypolicyd-spf 2.0.2, allows attacks that bypass
SPF and DMARC authentication in situations where the HELO field is
inconsistent with the MAIL FROM field.
CVE-2020-12272
OpenDMARC allows attacks that inject authentication results to provide
false information about the domain that originated an e-mail message. This
is caused by incorrect parsing and interpretation of SPF/DKIM
authentication results, as demonstrated by the example.net(.example.com
substring.
For Debian 9 stretch, these problems have been fixed in version 1.3.2+ds-0+deb9u1.
We recommend that you upgrade your opendmarc packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.