Package: openssl
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for openssl.

CVE-2009-0590[0]:
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

This was just fixed in Ubuntu [1]. Please coordinate with the security team to release fixes for the stable releases.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
    http://security-tracker.debian.net/tracker/CVE-2009-0590
[1] http://www.ubuntu.com/usn/usn-750-1
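Added example, not part of the original report and not OpenSSL's code: a defensive pre-check an application could run on a DER-encoded BMPString or UniversalString before passing it to any character-by-character printer. It assumes "invalid encoded length" means a content length that is not a whole number of 2-octet (BMPString) or 4-octet (UniversalString) characters; check_wide_string and the enum names are hypothetical.

```c
#include <stddef.h>

/* Universal-class ASN.1 tag octets (X.680) for the two types named in the CVE. */
#define TAG_UNIVERSALSTRING 0x1C /* UCS-4, 4 octets per character */
#define TAG_BMPSTRING       0x1E /* UCS-2, 2 octets per character */

enum wide_check { WIDE_OK = 0, WIDE_MALFORMED, WIDE_BAD_LENGTH, WIDE_NOT_WIDE };

/* Hypothetical helper: parse one DER TLV header and decide whether the
 * content is safe to walk character by character. On WIDE_OK, *content
 * and *content_len describe the value octets. */
enum wide_check check_wide_string(const unsigned char *der, size_t der_len,
                                  const unsigned char **content,
                                  size_t *content_len)
{
    size_t len, hdr = 2;

    if (der_len < 2)
        return WIDE_MALFORMED;
    if (der[0] != TAG_BMPSTRING && der[0] != TAG_UNIVERSALSTRING)
        return WIDE_NOT_WIDE;
    if (der[1] < 0x80) {                 /* short form: length in one octet */
        len = der[1];
    } else {                             /* long form: 0x80 | count of length octets */
        size_t n = der[1] & 0x7F, i;
        if (n == 0 || n > sizeof(size_t) || der_len < 2 + n)
            return WIDE_MALFORMED;       /* indefinite, oversized or cut-off header */
        for (len = 0, i = 0; i < n; i++)
            len = (len << 8) | der[2 + i];
        hdr += n;
    }
    if (len > der_len - hdr)             /* declared length runs past the buffer */
        return WIDE_MALFORMED;

    /* Assumed meaning of "invalid encoded length": not whole characters. */
    if (len % (der[0] == TAG_BMPSTRING ? 2 : 4) != 0)
        return WIDE_BAD_LENGTH;

    *content = der + hdr;
    *content_len = len;
    return WIDE_OK;
}

int main(void)
{   /* Constructed sample: BMPString header declaring 3 content octets. */
    static const unsigned char odd[] = { 0x1E, 0x03, 0x00, 'h', 0x00 };
    const unsigned char *p; size_t n;
    return check_wide_string(odd, sizeof odd, &p, &n) == WIDE_BAD_LENGTH ? 0 : 1;
}
```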