Debian Security Advisory 5539-1

Debian Linux Security Advisory 5539-1 - It was reported that incorrect bound checks in the dsaVerify function in node-browserify-sign, a Node.js library which adds crypto signing for browsers, allows an attacker to perform signature forgery attacks by constructing signatures that can be successfully verified by any public key.

advisory attacker attacks browsers crypto debian forgery function key library linux linux security node node.js public public key security security advisory sign signature signatures signing verified