Fedora 9 Update: tqsllib-2.0-5.fc9
Summary
The TrustedQSL library is used for generating digitally signed
QSO records (records of Amateur Radio contacts). This package
contains the library and configuration files needed to run
TrustedQSL applications.
The TrustedQSL library incorrectly checked the result after calling the
EVP_VerifyFinal function, allowing a malformed signature to be treated as a good
signature rather than as an error. Package includes a patch to fix
EVP_VerifyFinal result check.
* Mon Jan 12 2009 Lucian Langa
- modify patch0 to include fix for #479650 (CVE-2008-5077 related)
[ 1 ] Bug #479650 - tqsllib: OpenSSL incorrect checks for malformed signatures
https://bugzilla.redhat.com/show_bug.cgi?id=479650
su -c 'yum update tqsllib' at the command line.
For more information, refer to "Managing Software with yum",
available at .
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
FEDORA-2009-0543 2009-01-14 23:38:30 Product : Fedora 9 Version : 2.0 Release : 5.fc9 URL : https://sourceforge.net/projects/trustedqsl/ Summary : The TrustedQSL library Description : The TrustedQSL library is used for generating digitally signed QSO records (records of Amateur Radio contacts). This package contains the library and configuration files needed to run TrustedQSL applications. The TrustedQSL library incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. Package includes a patch to fix EVP_VerifyFinal result check. * Mon Jan 12 2009 Lucian Langa - 2.0-5 - modify patch0 to include fix for #479650 (CVE-2008-5077 related) [ 1 ] Bug #479650 - tqsllib: OpenSSL incorrect checks for malformed signatures https://bugzilla.redhat.com/show_bug.cgi?id=479650 su -c 'yum update tqsllib' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce
Change Log
References