Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for tqsllib some time ago. CVE-2009-0124[0]: | The tqsl_verifyDataBlock function in openssl_cert.cpp in American | Radio Relay League (ARRL) tqsllib 2.0 does not properly check the | return value from the OpenSSL EVP_VerifyFinal function, which allows | remote attackers to bypass validation of the certificate chain via a | malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. Unfortunately the vulnerability described above is not important enough to get it fixed via regular security update in Debian stable. It does not warrant a DSA. This is Debian bug #511509. However it would be nice if this could get fixed via a regular point update[1]. Please contact the release team for this. This is an automatically generated mail, in case you are already working on an upgrade this is of course pointless. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0124 [1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpVvS3KQmPCL.pgp
Description: PGP signature