-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2009-09-08 14:59:05 UTC
-
Revision ID:
james.westby@ubuntu.com-20090908145905-chzaajzrg9lmw7o5
Tags: 0.9.8g-16ubuntu3
* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
design flaws.
- crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
- crypto/x509/x509_vfy.c: skip signature check for self signed
certificates
- http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
- http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
- CVE-2009-2409