CVE-2007-6591

Name: CVE-2007-6591
Description: KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 458968

The information below is based on the following data on fixed versions.

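| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---------|------|---------|---------------|---------|--------|-------------|
| kdebase | source | (unstable) | 4:4.0.3-1 | low | | 458968 |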

Notes

[etch] - kdebase <no-dsa> (Minor issue)
[lenny] - kdebase <no-dsa> (Minor issue)
filed http://bugs.kde.org/show_bug.cgi?id=154921
No longer occurs in KDE 4.0.3 according to upstream bug
