Your message dated Tue, 30 Oct 2012 13:32:47 +0000 with message-id <e1ttbvz-0003xi...@franck.debian.org> and subject line Bug#691394: fixed in opendkim 2.6.8-2 has caused the Debian Bug report #691394, regarding opendkim: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 691394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691394 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: opendkim Version: 2.0.1+dfsg-1 Severity: grave Tags: security upstream Justification: user security hole See http://www.kb.cert.org/vuls/id/268267, VU#268267 opendkim in squeeze, wheezy, sid offers no method to prevent use of keys less than 1024 bits. This is added in the new upstream release, 2.6.8, that was released just for this issue.
--- End Message ---
--- Begin Message ---Source: opendkim Source-Version: 2.6.8-2 We believe that the bug you reported is fixed in the latest version of opendkim, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 691...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Scott Kitterman <sc...@kitterman.com> (supplier of updated opendkim package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 30 Oct 2012 12:51:42 +0000 Source: opendkim Binary: opendkim opendkim-tools libopendkim7 libopendkim-dev libvbr2 libvbr-dev Architecture: source amd64 Version: 2.6.8-2 Distribution: unstable Urgency: low Maintainer: Mike Markley <m...@markley.org> Changed-By: Scott Kitterman <sc...@kitterman.com> Description: libopendkim-dev - Headers and development libraries for the OpenDKIM library libopendkim7 - Library for signing and verifying DomainKeys Identified Mail sign libvbr-dev - Headers and development libraries for the OpenDKIM VBR library libvbr2 - Library for RFC 5518 Vouch By Reference (VBR) opendkim - Milter implementation of DomainKeys Identified Mail opendkim-tools - Set of command line tools for OpenDKIM Closes: 691394 Changes: opendkim (2.6.8-2) unstable; urgency=low . * No-change upload to unstable . opendkim (2.6.8-1) experimental; urgency=low . * New upstream security release to add capability to exclude use of insecure keys (Closes: #691394, LP: #1071139) . opendkim (2.6.7-1) experimental; urgency=low . * New upstream release - Drop obsolete configure option enable-selector_header . opendkim (2.6.6-1) experimental; urgency=low . * New upstream release . opendkim (2.6.4-1) experimental; urgency=low . * New upstream release Checksums-Sha1: 134d6df85f58ae0468078dae6863109d5e4ceb4d 2037 opendkim_2.6.8-2.dsc 0cc40fba3e34e3e8e624e38bf99a20cdbcae6340 13237 opendkim_2.6.8-2.diff.gz f0bfd90a8e0a9dc41b3f7d85a812b5594a9c6d6b 176954 opendkim_2.6.8-2_amd64.deb 4366c7afd977b24678aa223d574b7be3d38b3dff 167846 opendkim-tools_2.6.8-2_amd64.deb c0b818c6c977902e75d6bdc5d3692fb5b8f1e4cc 86740 libopendkim7_2.6.8-2_amd64.deb 949d8f75f7ad00cf78499e1688d07e633181ba41 173570 libopendkim-dev_2.6.8-2_amd64.deb 0d9113b4d808d6e2abe47b617352efc1fb28c2e7 34924 libvbr2_2.6.8-2_amd64.deb 656f7e0078465b1122f774d09461832d33ccdbac 39628 libvbr-dev_2.6.8-2_amd64.deb Checksums-Sha256: 35f3248871362f267ac278705f1d0f3abbab4b279c778c984733971130b6c4fa 2037 opendkim_2.6.8-2.dsc cb72f94978b850c2af540550b625dab0e61362f3f37ce0bd8a0b2c64ebdf2e6a 13237 opendkim_2.6.8-2.diff.gz c5fcafd0168351ff77be1f6192799bd0056cc34066d730a44a977d1e3a93c6fa 176954 opendkim_2.6.8-2_amd64.deb f883a99e7750f0d21cf6529a5fe53525da971e142149dee84da0880f6de0e859 167846 opendkim-tools_2.6.8-2_amd64.deb 8b87e2667ab43a95af7611e363ecd06925be3f00d265224bd4c7739128d1fdae 86740 libopendkim7_2.6.8-2_amd64.deb a9987e5a3d53182f058aeb36b0f9dd1219a0be2eb220a786daf88ec64326eabb 173570 libopendkim-dev_2.6.8-2_amd64.deb a8e254b190c19f6172f240cbb0e49246e7f6b14ac902cf663d72dbe678db176a 34924 libvbr2_2.6.8-2_amd64.deb f130abb531d4f566b5f6ad8aacffe579b09a4d3fbc7ebdff1a0151fec82e718f 39628 libvbr-dev_2.6.8-2_amd64.deb Files: c527608444eea305abdf805467772cfd 2037 mail extra opendkim_2.6.8-2.dsc dc4d43a63f9691729ae9bc7eef27f7ea 13237 mail extra opendkim_2.6.8-2.diff.gz 858717f4b37885e8b4434d1ef064f649 176954 mail extra opendkim_2.6.8-2_amd64.deb c12c8053fa606c59d6a1b111f5aa1055 167846 mail extra opendkim-tools_2.6.8-2_amd64.deb e357c249e6a54eb9dfb6fbc5a745ce22 86740 libs extra libopendkim7_2.6.8-2_amd64.deb 9cefe36930a9fcd911f8ea3232ce4778 173570 libdevel extra libopendkim-dev_2.6.8-2_amd64.deb 484b09ee51dc10c84f2b91b5185fab8d 34924 libs extra libvbr2_2.6.8-2_amd64.deb 1e003607fe8eeb7799ea9a22e187b224 39628 libdevel extra libvbr-dev_2.6.8-2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCgAGBQJQj9WQAAoJEONS1cUcUEHU3YEP/2wc2vcj/8wrTq0nyb2514q6 Gwf8udIkLrrOVOhDWtm2cTvjyrt+tIZeHxXLFO9Hqs11MFeb6WmRwc74FODUkfFn XVANiBUr1iEoo+Tgv2A/8RTNOcX7E3m2muzY+WZ4fSoudcOInROCFM+7P0o5830Z OyjfuUiEequ5JNZM3n1RKrGGQ2QrwMyui/37z5yeavsmR0Kzx7ZcADABAFBaCLcG pf1WLL1NuEvzHmUuUdA/EsCgpdIL4zV5w2VtBEHWgLEbmMgpf80UWj9GHCvgkdF0 d4lP4Oq/OfW1Dx4V3N3r0mPqFwraOYPXXmeQPV2ETwIrGTgk2YTNavFqVhLZX7Ff PB+LSPIXf98jFv0vJaedG4hOlApNAhVEtxJaTblrCrZ5621db3+/qeT2mTB9kced NX2C+LSPBTg4qYTSinZ8wDD2mF6+PQrOSRORrjExKLtWB9P0zMyC+v8Gea2ZMiSl LJX/OCoyzE90BIT5vfMPxK81r+nDZ8dy9CYXswIN4l2V83mfL+iuijn9FvQ3Gfsj LJS7I5cm1ef32zAEb2KMQNStDcNAwzOj6E67YgRXtmEfJTxM904p01fUlZhpAZtw oFaog9NLzvqq0CBuLWRKIDN3d5zXQzRmCQI22DNiGCMlpCCfmaikWKHguT1nlqay TsHxz1LwfCVsFfldwYW+ =D9am -----END PGP SIGNATURE-----
--- End Message ---
