diff -u lasso-0.6.3/debian/changelog lasso-0.6.3/debian/changelog
--- lasso-0.6.3/debian/changelog
+++ lasso-0.6.3/debian/changelog
@@ -1,3 +1,12 @@
+lasso (0.6.3-4ubuntu1.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: lasso does not properly check the return value from the
+ OpenSSL DSA_verify function (LP: #317181).
+ - lasso/xml/tools.c: Correctly check for signature validity.
+ - CVE-2009-0050
+
+ -- Stefan Lesicnik Wed, 14 Jan 2009 20:26:34 +0200
+
 lasso (0.6.3-4ubuntu1) dapper; urgency=low
 * Resynchronise with Debian.
only in patch2:
unchanged:
--- lasso-0.6.3.orig/lasso/xml/tools.c
+++ lasso-0.6.3/lasso/xml/tools.c
@@ -499,7 +499,7 @@
 status = DSA_verify(NID_sha1, (unsigned char*)digest, 20, signature, key_size, dsa);
 }
- if (status == 0) {
+ if (status != 1) {
 ret = LASSO_DS_ERROR_INVALID_SIGNATURE;
 }
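Review bot: The corrected test in tools.c should carry a comment, because `status != 1` reads like a needlessly strict spelling of the old `status == 0` and a later cleanup could fold it back to `if (!status)` and silently reintroduce the defect; DSA_verify() returns 1 for a valid signature, 0 for an invalid one and -1 on error, so only 1 may ever be accepted: `/* DSA_verify(): 1 = valid, 0 = invalid, -1 = error; anything but 1 must fail closed (CVE-2009-0050). */`. With the new comparison a -1 result is now reported as LASSO_DS_ERROR_INVALID_SIGNATURE too, which is the right default, but the caller can no longer tell a bad signature from an OpenSSL failure (bad key, malformed DER); if the surrounding function has a logging path, draining ERR_get_error() in a separate `status < 0` branch would make such failures diagnosable. The hard-coded digest length `20` in the context line is SHA-1 specific and would be clearer as SHA_DIGEST_LENGTH, though that line is unchanged by this patch. The enclosing function begins and ends outside the hunk, so the handling of `ret` after this point is not visible here.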