Package: konqueror
Version: 4:3.5.8.dfsg.1-2
Severity: important
Tags: security

From CVE-2007-6591:

"KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site."

There is more info at
http://nils.toedtmann.net/pub/subjectAltName.txt
and
http://www.securityfocus.com/archive/1/483942/100/100/threaded
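
A small model of the behaviour the CVE text describes, next to a host-scoped alternative; this is an added example, not Konqueror's code or anything from the report. The class names, the prompt wording and the sample certificate (example.test names, placeholder fingerprint) are constructed, and name matching is exact with no wildcard handling.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed X.509 server certificate."""
    fingerprint: str
    common_name: str            # CN from the subject DN
    dns_names: tuple = ()       # subjectAltName:dNSName entries

    def names(self):
        # Exact, case-insensitive names only; wildcards are left out of this model.
        return {self.common_name.lower(), *(n.lower() for n in self.dns_names)}

class CertWideStore:
    """Model of the reported behaviour: one acceptance covers every name in the cert."""
    def __init__(self):
        self._accepted = set()

    def prompt(self, cert, host):
        # Only the CN is shown; the dNSName entries never reach the user.
        return f"Accept certificate issued to {cert.common_name}?"

    def accept(self, cert, host):
        self._accepted.add(cert.fingerprint)

    def is_trusted(self, cert, host):
        return cert.fingerprint in self._accepted and host.lower() in cert.names()

class HostScopedStore(CertWideStore):
    """Hardened model: the exception is bound to the host the user was asked about."""
    def prompt(self, cert, host):
        others = sorted(cert.names() - {host.lower()}) or ["(none)"]
        return f"Accept certificate for {host} only? It also names: {', '.join(others)}"

    def accept(self, cert, host):
        self._accepted.add((host.lower(), cert.fingerprint))

    def is_trusted(self, cert, host):
        return (host.lower(), cert.fingerprint) in self._accepted

# Constructed sample: an untrusted certificate whose CN and dNSName differ.
SAMPLE = Cert("ab:cd:ef (constructed)", "wiki.example.test", ("pay.example.test",))

def trusted_after_accepting_cn(store_cls, cert=SAMPLE):
    store = store_cls()
    store.accept(cert, cert.common_name)          # user approves the CN host only
    return {name: store.is_trusted(cert, name) for name in sorted(cert.names())}
```

With the certificate-wide store, approving the CN host leaves the dNSName host trusted as well; with the host-scoped store it does not, and the prompt lists the extra name before the user decides.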