[Bug 314776] Re: OpenSSL signature verification API misuses

Jamie Strandboge jamie at ubuntu.com
Thu Jan 8 18:52:01 GMT 2009

ntp (1:4.2.4p4+dfsg-7ubuntu3) jaunty; urgency=low

  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates.
    - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly
      check the return code of EVP_VerifyFinal()
    - CVE-2009-0021

** Changed in: ntp (Ubuntu)
       Status: Fix Committed => Fix Released

OpenSSL signature verification API misuses
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.

More information about the Ubuntu-server-bugs mailing list