Package: libcrypt-openssl-dsa-perl
Severity: serious
Tags: security

Hi,

I've been checking packages to see if they properly check the return value of some of the functions in openssl. It seems that your package calls functions like DSA_verify and DSA_do_verify and just returns those values. Looking at the documentation, it seems to suggest that != 0 would mean that it was successful. However, those functions can also return -1 on failure. This would then mean that other applications making use of this could wrongly check the return value.

Kurt
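
The return-value problem described in the report, as an added example that is not part of the original message or the package's code. `stub_dsa_verify` is a hypothetical stand-in that follows OpenSSL's documented 1 / 0 / -1 convention for DSA_verify, with constructed signature values, so the example runs without libcrypto; the two caller functions are likewise illustrative names.

```c
#include <stdio.h>
#include <string.h>

/* Return convention documented for OpenSSL's DSA_verify()/DSA_do_verify():
 *   1 = signature valid, 0 = signature invalid, -1 = error. */
enum { SIG_ERROR = -1, SIG_INVALID = 0, SIG_VALID = 1 };

/* Hypothetical stand-in for DSA_verify(). Constructed rule: a signature
 * that is not exactly 4 bytes is "malformed" and yields -1; otherwise it
 * is valid only if it equals the constructed value "GOOD". */
static int stub_dsa_verify(const char *sig, size_t siglen)
{
    if (siglen != 4)
        return SIG_ERROR;
    return memcmp(sig, "GOOD", 4) == 0 ? SIG_VALID : SIG_INVALID;
}

/* Caller pattern the report warns about: any non-zero value counts as
 * success, so the -1 error path is accepted as a valid signature. */
int accept_if_nonzero(const char *sig, size_t siglen)
{
    return stub_dsa_verify(sig, siglen) ? 1 : 0;
}

/* Strict caller: only an exact 1 is accepted. An error (-1) is reported
 * through *err so it can be logged instead of being folded into a result. */
int accept_if_one(const char *sig, size_t siglen, int *err)
{
    int rc = stub_dsa_verify(sig, siglen);
    if (err)
        *err = (rc < 0);
    return rc == 1;
}

int main(void)
{
    static const struct { const char *name, *sig; size_t len; } cases[] = {
        { "valid",     "GOOD", 4 },
        { "invalid",   "BAAD", 4 },
        { "malformed", "XX",   2 },   /* constructed input that hits -1 */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int err = 0;
        int loose  = accept_if_nonzero(cases[i].sig, cases[i].len);
        int strict = accept_if_one(cases[i].sig, cases[i].len, &err);
        printf("%-9s nonzero-check=%d strict-check=%d error=%d\n",
               cases[i].name, loose, strict, err);
    }
    return 0;
}
```

The same applies one layer up: a wrapper that hands the raw integer back to a scripting language leaves every caller's truthiness test exposed to the -1 case, so the comparison against 1 belongs in the wrapper or in each caller.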