-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2009-01-06 01:04:53 UTC
-
Revision ID:
james.westby@ubuntu.com-20090106010453-wvzyxaz52328fm6e
Tags: 0.9.8a-7ubuntu0.6
* SECURITY UPDATE: clients treat malformed signatures as good when verifying
server DSA and ECDSA certificates
- update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
- patch based on upstream patch for #2008-016
- CVE-2008-5077