ELA-926-1 opendmarc security update
Package : opendmarc
Version : 1.3.2+ds-0+deb9u1 (stretch)
Related CVEs :
OpenDMARC when used with pypolicyd-spf 2.0.2, allows attacks that bypass
SPF and DMARC authentication in situations where the HELO field is
inconsistent with the MAIL FROM field.
OpenDMARC allows attacks that inject authentication results to provide
false information about the domain that originated an e-mail message. This
is caused by incorrect parsing and interpretation of SPF/DKIM
authentication results, as demonstrated by the example.net(.example.com
An opendmarc security update has been released for Debian GNU/Linux 9 Extended LTS to address two security issues.