On Thu, October 25, 2012 07:18, Scott Kitterman wrote:
> Package: opendkim
> Version: 2.0.1+dfsg-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> See http://www.kb.cert.org/vuls/id/268267, VU#268267
>
> opendkim in squeeze, wheezy, sid offers no method to prevent use of keys
> less than 1024 bits. This is added in the new upstream release, 2.6.8, that
> was released just for this issue.

Thanks for your quick action on this. But is it really a user security hole? The responsibility is with users not to use unsafe key sizes. GnuPG works with small key sizes, I do not see that as a user security hole per se.

Of course this proactive measure can help to prevent mistakes, so if possible it would be good if we could still get this into wheezy.

Cheers,
Thijs