Candidate: CVE-2009-0591
PublicDate: 2009-03-27 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591
 http://www.openssl.org/news/secadv_20090325.txt
Description:
 The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is
 enabled, does not properly handle errors associated with malformed signed
 attributes, which allows remote attackers to repudiate a signature that
 originally appeared to be valid but was actually invalid.
Ubuntu-Description:
Notes:
 jdstrand> only present in OpenSSL 0.9.8h and later
Bugs:
Priority: low
Discovered-by: Ivan Nestlerode
Assigned-to:
CVSS:

Patches_openssl:
upstream_openssl: released (0.9.8k)
dapper_openssl: not-affected (0.9.8a-7ubuntu0.6)
gutsy_openssl: not-affected (0.9.8e-5ubuntu3.3)
hardy_openssl: not-affected (0.9.8g-4ubuntu3.4)
intrepid_openssl: not-affected (0.9.8g-10.1ubuntu2.1)
devel_openssl: not-affected (0.9.8g-15ubuntu1)