CVE-2007-6591

Name	CVE-2007-6591
Description	KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	458968

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
kdebase	source	(unstable)	4:4.0.3-1	low		458968

Notes

[etch] - kdebase <no-dsa> (Minor issue)
[lenny] - kdebase <no-dsa> (Minor issue)
filed http://bugs.kde.org/show_bug.cgi?id=154921
No longer occurs in KDE 4.0.3 according to upstream bug