bind9 (1:9.5.0.dfsg.P2-5ubuntu1) jaunty; urgency=low
* SECURITY UPDATE: clients treat malformed signatures as good when verifying
server DSA and ECDSA certificates.
- update lib/dns/openssldsa_link.c to properly check the return code of
DSA_do_verify()
- CVE-2009-0025
** Changed in: bind9 (Ubuntu)
Status: Fix Committed => Fix Released
--
OpenSSL signature verification API misuses
https://bugs.launchpad.net/bugs/314776
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
