Package: dkimpy Version: 0.5.2-1 Severity: grave Tags: security upstream Justification: user security hole
python-dkim does not limit key lengths used to validate signatures. see http://www.kb.cert.org/vuls/id/268267 for details. This is addressed by a new upstream release, 0.5.3. I imagine that like the similar opendkim bug, this will not be considered by the security team something warranting a security update, but good to get in Wheezy. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
