<div dir="ltr">Good luck getting this fix into a release.  We're still waiting for a RHEL7 RPM of opendmarc with a CRITICAL patch made available nearly 2 years ago incorporated.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 19, 2019 at 8:53 AM Benny Pedersen <<a href="mailto:me@junc.eu">me@junc.eu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">A. Schulze skrev den 2019-09-11 18:50:<br>
<br>
> Golem, a german online IT magazin, reported about a Bug in OpenDMARC.<br>
> <a href="https://www.golem.de/news/opendmarc-aktiv-ausgenutzte-dmarc-sicherheitsluecke-ohne-fix-1909-143798.html" rel="noreferrer" target="_blank">https://www.golem.de/news/opendmarc-aktiv-ausgenutzte-dmarc-sicherheitsluecke-ohne-fix-1909-143798.html</a><br>
> <br>
> Protonmail found that bug actively used<br>
> <a href="https://protonmail.com/blog/bellingcat-cyberattack-phishing/" rel="noreferrer" target="_blank">https://protonmail.com/blog/bellingcat-cyberattack-phishing/</a><br>
> <br>
> Also there is a proposed fix available as pull request on GitHub<br>
> <a href="https://github.com/trusteddomainproject/OpenDMARC/pull/48" rel="noreferrer" target="_blank">https://github.com/trusteddomainproject/OpenDMARC/pull/48</a><br>
> <br>
> This message is intended only to relay that info unfiltered to the <br>
> list.<br>
<br>
i just like to see more patches, not updated tarballs :(/<br>
<br>
will make a gentoo bug now, to have it solved there<br>
<br>
have opendkim, openarc same fails with multiple from ?<br>
<br>
thanks for the heads up<br>
_______________________________________________<br>
opendmarc-users mailing list<br>
<a href="mailto:opendmarc-users@trusteddomain.org" target="_blank">opendmarc-users@trusteddomain.org</a><br>
<a href="http://www.trusteddomain.org/mailman/listinfo/opendmarc-users" rel="noreferrer" target="_blank">http://www.trusteddomain.org/mailman/listinfo/opendmarc-users</a><br>
</blockquote></div>