*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: openssl CVE-2009-0653 description from the NVD: "OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970." http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0653 Ubuntu security tracker: http://people.ubuntu.com/~ubuntu-security/cve/2009/CVE-2009-0653.html ** Affects: openssl (Ubuntu) Importance: Undecided Status: New ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0653 ** Visibility changed to: Public -- CVE-2009-0653: OpenSSL does not verify the Basic Constraints for an intermediate CA-signed certificate https://bugs.launchpad.net/bugs/339834 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
