CVE-2009-0130

Priority
Description
** DISPUTED ** lib/crypto/c_src/crypto_drv.c in Erlang does not properly
check the return value from the OpenSSL DSA_do_verify function, which might
allow remote attackers to bypass validation of the certificate chain via a
malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
NOTE: a package maintainer disputes this issue, reporting that there is a
proper check within the only code that uses the applicable part of
crypto_drv.c, and thus "this report is invalid."
Notes
 mdeslaur> may not be an issue per Debian bug report
 mdeslaur> let's ignore this
Package
Upstream: needs-triage
More Information

Updated: 2019-09-19 16:07:53 UTC (commit 0f3988df17baa8f5e13f32406a0b0e19d5b2f865)