It was reported that incorrect bound checks in the dsaVerify function in node-browserify-sign, a Node.js library which adds crypto signing for browsers, allows an attacker to perform signature forgery attacks by constructing signatures that can be successfully verified by any public key.
https://security-tracker.debian.org/tracker/DSA-5539-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-5539-1
Continue reading...