ntp (1:4.2.4p4+dfsg-7ubuntu3) jaunty; urgency=low
* SECURITY UPDATE: clients treat malformed signatures as good when verifying
server DSA and ECDSA certificates.
- debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly
check the return code of EVP_VerifyFinal()
- CVE-2009-0021
** Changed in: ntp (Ubuntu)
Status: Fix Committed => Fix Released
--
OpenSSL signature verification API misuses
https://bugs.launchpad.net/bugs/314776
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
