Source: opendmarc
Version: 1.4.0~beta1+dfsg-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/trusteddomainproject/OpenDMARC/issues/64
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: found -1 1.3.2-6+deb10u1
Control: found -1 1.3.2-6
Hi,

The following vulnerability was published for opendmarc.

CVE-2020-12460[0]:
| OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper
| null termination in the function opendmarc_xml_parse that can result
| in a one-byte heap overflow in opendmarc_xml when parsing a specially
| crafted DMARC aggregate report. This can cause remote memory
| corruption when a '\0' byte overwrites the heap metadata of the next
| chunk and its PREV_INUSE flag.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-12460
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12460
[1] https://github.com/trusteddomainproject/OpenDMARC/issues/64

Regards,
Salvatore
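An illustration of the bug class named in the CVE text (a NUL terminator written one byte past a heap block sized without room for it), added here as an example; it is not OpenDMARC's code and does not reproduce opendmarc_xml_parse. The hypothetical `extract_element`/`dup_text_node` pair sizes the allocation and the terminator index from the same expression, `terminator_fits` states the invariant the vulnerable path broke, and the report fragment is constructed sample input.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical reconstruction of the CVE-2020-12460 bug class, not
 * OpenDMARC's parser: element text is copied into a heap buffer. */

/* A '\0' at buf[len] fits only if the block holds len + 1 bytes.
 * Returns 0 if it fits, -1 if it would land one past the end. */
int terminator_fits(size_t cap, size_t len) { return len < cap ? 0 : -1; }

/* Copy [start, start+len) to a fresh heap string. Allocation size and
 * terminator index come from one expression, so they cannot diverge. */
char *dup_text_node(const char *start, size_t len)
{
    size_t cap = len + 1;            /* the byte the vulnerable path omitted */
    char *buf = malloc(cap);
    if (buf == NULL || terminator_fits(cap, len) != 0) { free(buf); return NULL; }
    memcpy(buf, start, len);
    buf[len] = '\0';                 /* in bounds: index len < cap */
    return buf;
}

/* Text of the first <tag>...</tag> in xml as a heap string (caller frees),
 * or NULL if the element is absent, unterminated, or the tag is too long. */
char *extract_element(const char *xml, const char *tag)
{
    char open[64], close[64];
    if (snprintf(open, sizeof open, "<%s>", tag) >= (int)sizeof open) return NULL;
    if (snprintf(close, sizeof close, "</%s>", tag) >= (int)sizeof close) return NULL;
    const char *s = strstr(xml, open);
    if (s == NULL) return NULL;
    s += strlen(open);
    const char *e = strstr(s, close);
    if (e == NULL) return NULL;
    return dup_text_node(s, (size_t)(e - s));
}

/* Constructed DMARC aggregate-report fragment used as sample input. */
static const char SAMPLE_REPORT[] =
    "<feedback><policy_published><domain>example.com</domain>"
    "<p>reject</p></policy_published></feedback>";

int main(void)
{
    char *domain = extract_element(SAMPLE_REPORT, "domain");
    printf("domain=%s\n", domain ? domain : "(none)");
    free(domain);
    return 0;
}
```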