[Secure-testing-team] Bug#691394: opendkim: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Scott Kitterman
debian at kitterman.com
Thu Oct 25 05:18:38 UTC 2012
Package: opendkim
Version: 2.0.1+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
See http://www.kb.cert.org/vuls/id/268267, VU#268267
opendkim in squeeze, wheezy, sid offers no method to prevent use of keys
less than 1024 bits. This is added in the new upstream release, 2.6.8, that
was released just for this issue.
More information about the Secure-testing-team
mailing list