[Secure-testing-team] Bug#691662: dkimpy: Uses insecure keys to verify DKIM signatures
Scott Kitterman
debian at kitterman.com
Sun Oct 28 09:04:33 UTC 2012
Package: dkimpy
Version: 0.5.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
python-dkim does not limit key lengths used to validate signatures.
See http://www.kb.cert.org/vuls/id/268267 for details.
This is addressed by a new upstream release, 0.5.3.
I imagine that like the similar opendkim bug, this will not
be considered by the security team something warranting a
security update, but good to get in Wheezy.
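
Added example (not part of the original report and not dkimpy's own code): a verifier-side check that reads the RSA modulus length from a DKIM key record's `p=` tag and rejects keys below a floor. The 1024-bit floor and all function names are assumptions, and the sample records are constructed with right-sized moduli that are not usable RSA keys.

```python
import base64

MIN_KEY_BITS = 1024  # assumed policy floor; the report itself names no number
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL

def _tlv(buf, pos, want):
    """Read one DER element at pos; return (value_start, value_end)."""
    if buf[pos] != want:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a DER SubjectPublicKeyInfo."""
    start, _ = _tlv(spki, 0, 0x30)                   # SubjectPublicKeyInfo
    _, alg_end = _tlv(spki, start, 0x30)             # AlgorithmIdentifier (skipped)
    bits_start, _ = _tlv(spki, alg_end, 0x03)        # BIT STRING
    seq_start, _ = _tlv(spki, bits_start + 1, 0x30)  # RSAPublicKey, after unused-bits byte
    n_start, n_end = _tlv(spki, seq_start, 0x02)     # INTEGER modulus
    return int.from_bytes(spki[n_start:n_end], "big").bit_length()

def key_acceptable(record, min_bits=MIN_KEY_BITS):
    """True only if the DKIM key record holds an RSA key of at least min_bits."""
    tags = dict((k.strip(), v) for k, v in
                (part.split("=", 1) for part in record.split(";") if "=" in part))
    try:
        spki = base64.b64decode("".join(tags["p"].split()))
        return rsa_modulus_bits(spki) >= min_bits
    except (KeyError, IndexError, ValueError):
        return False                       # missing, revoked (empty p=) or malformed key

def _der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_record(bits):
    """Constructed sample record: right-sized modulus, not a usable RSA key."""
    ints = [(1 << (bits - 1)) | 1, 65537]
    body = b"".join(_der(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints)
    spki = _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + _der(0x30, body)))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

A verifier would call `key_acceptable()` on the fetched key record before attempting signature verification and treat a `False` result as a failed verification.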