Debian Linux Security Advisory 5539-1 - It was reported that incorrect bound checks in the dsaVerify function in node-browserify-sign, a Node.js library which adds crypto signing for browsers, allows an attacker to perform signature forgery attacks by constructing signatures that can be successfully verified by any public key.
bd4d2f5bb4a56492acf5a0f3f5a7176edb7f3f2a9e00ffd9fa12ec5357176f21