CVE-2019-16378 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Signature forgery
Description	OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1620	opendmarc	1.3.3-2	1.4.0-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2019/09/11/8 https://github.com/trusteddomainproject/OpenDMARC/blob/develop/SECURITY/CVE-2019-20970 https://github.com/trusteddomainproject/OpenDMARC/pull/48 https://github.com/trusteddomainproject/OpenDMARC/commit/bdcda9beceb38fe5dacba09fb41fb4f866249326

References

https://www.openwall.com/lists/oss-security/2019/09/11/8
https://github.com/trusteddomainproject/OpenDMARC/blob/develop/SECURITY/CVE-2019-20970
https://github.com/trusteddomainproject/OpenDMARC/pull/48
https://github.com/trusteddomainproject/OpenDMARC/commit/bdcda9beceb38fe5dacba09fb41fb4f866249326