CVE-2009-0653

Priority
Description
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an
intermediate CA-signed certificate, which allows remote attackers to spoof
the certificates of trusted sites via a man-in-the-middle attack, a related
issue to CVE-2002-0970.
Notes
mdeslaurupstream says this was fixed in 0.9.5
http://marc.info/?l=openssl-dev&m=123603013118058&w=3
Package
Upstream:released (0.9.5)
More Information

Updated: 2020-09-10 01:08:54 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)