Package: openssl Version: 0.9.8g-15 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for openssl.
CVE-2009-0653[0]: | OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an | intermediate CA-signed certificate, which allows remote attackers to | spoof the certificates of trusted sites via a man-in-the-middle | attack, a related issue to CVE-2002-0970. I wasn't really sure about this issue, so could you maybe state your opinion on it? If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0653 http://security-tracker.debian.net/tracker/CVE-2009-0653 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
