It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine . For the stable distribution , this problem has been fixed in version 0.9.8c-4etch4 of the openssl package, and version 0.9.7k-3.1etch2 of the openssl097 package. For the unstable distribution , this problem has been fixed in version 0.9.8g-15. The testing distribution will be fixed soon. We recommend that you upgrade your OpenSSL packages.