Candidate: CVE-2009-0049
PublicDate: 2009-01-07 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0049
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511261
Description:
 Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check
 the return value from the OpenSSL EVP_VerifyFinal function, which allows
 remote attackers to bypass validation of the certificate chain via a
 malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability
 to CVE-2008-5077.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_belpic:
upstream_belpic: released (2.6.0-6)
dapper_belpic: ignored (reached end-of-life)
gutsy_belpic: needed (reached end-of-life)
hardy_belpic: ignored (reached end-of-life)
intrepid_belpic: needed (reached end-of-life)
jaunty_belpic: not-affected (2.6.0-6)
karmic_belpic: not-affected
lucid_belpic: not-affected
maverick_belpic: DNE
natty_belpic: DNE
oneiric_belpic: DNE
devel_belpic: DNE