Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 17 Sep 2019 14:57:34 -0400
From: Thomas Ward <>
To:, Alyssa Ross <>,
 Hanno Böck <>
Subject: Re: OpenDMARC buffer overflows

On 9/17/19 2:20 PM, Alyssa Ross wrote:
> Hanno Böck <> writes:
>> In light of the recent OpenDMARC issue I had a look at their Github PR
>> tracker. This one
>> caught my attention.
> So a signature bypass, a buffer overflow, and no activity in years
> despite vulnerabilities having been reported months ago?
> Certainly doesn't look like software that people should be relying on
> for security...

... which is why I think distros are distro-patching it, like Scott 
Kitterman is doing for Debian.

I have a host of other detections in line with OpenDMARC for detecting 
invalid message structure, though, but it's definitely concerning to see 
something like this - one of the few DMARC checkers that actually exists 
in the OSS world - to be so behind from a Security perspective...

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.