openssl (0.9.8g-14ubuntu2) jaunty; urgency=low
* SECURITY UPDATE: clients treat malformed signatures as good when verifying
server DSA and ECDSA certificates
- update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
- patch based on upstream patch for #2008-016
- CVE-2008-5077
--
OpenSSL signature verification API misuses
https://bugs.launchpad.net/bugs/314776
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
