Bug#546218: marked as done (CVE-2009-2702: KDE KSSL NULL Character Certificate Spoofing Vulnerability)

To: Sune Vuorela <Sune@vuorela.dk>
Subject: Bug#546218: marked as done (CVE-2009-2702: KDE KSSL NULL Character Certificate Spoofing Vulnerability)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 11 Oct 2009 11:06:46 +0000
Message-id: <[🔎] handler.546218.D546218.125525849721584.ackdone@bugs.debian.org>
References: <200910111251.00963.Sune@vuorela.dk> <20090911172022.8059.54779.reportbug@blog-devel.iuculano.it>

Your message dated Sun, 11 Oct 2009 12:51:00 +0200
with message-id <200910111251.00963.Sune@vuorela.dk>
and subject line CVE-2009-2702: KDE KSSL NULL Character Certificate Spoofing Vulnerability
has caused the Debian Bug report #546218,
regarding CVE-2009-2702: KDE KSSL NULL Character Certificate Spoofing Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
546218: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546218
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2009-2702: KDE KSSL NULL Character Certificate Spoofing Vulnerability
From: Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Fri, 11 Sep 2009 19:20:22 +0200
Message-id: <20090911172022.8059.54779.reportbug@blog-devel.iuculano.it>

Package: kdelibs,kde4libs
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kdelibs and kde4libs.

CVE-2009-2702[0]:
| KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
| '\0' character in a domain name in the Subject Alternative Name field
| of an X.509 certificate, which allows man-in-the-middle attackers to
| spoof arbitrary SSL servers via a crafted certificate issued by a
| legitimate Certification Authority, a related issue to CVE-2009-2408.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702
    http://security-tracker.debian.net/tracker/CVE-2009-2702

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqqhtMACgkQNxpp46476ao+jQCgjGZaW64GZRrVZpcGFAxW4+Ap
FpMAn2EWIhIe+Qgd0RBvO3abWnsLtRF2
=LoWY
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

To: 546218-done@bugs.debian.org

Subject: CVE-2009-2702: KDE KSSL NULL Character Certificate Spoofing Vulnerability

From: Sune Vuorela <Sune@vuorela.dk>

Date: Sun, 11 Oct 2009 12:51:00 +0200

Message-id: <200910111251.00963.Sune@vuorela.dk>
Version: 4:4.3.2-1

/Sune
-- 
I cannot load the secret password from Excel, how does it work?

From the panel within AutoCAD you have to cancel a pointer for unmounting a 
bus over the memory over the Fast SIMM.
--- End Message ---

Reply to:

Prev by Date: Bug#548953: marked as done (system-config-printer-kde segfaults on start)
Next by Date: Bug#541994: [plasma-dataengines-workspace] plasma crashed at startup
Previous by thread: Bug#548953: marked as done (system-config-printer-kde segfaults on start)
Next by thread: Bug#541994: [plasma-dataengines-workspace] plasma crashed at startup
Index(es):
- Date
- Thread