Debian Security Advisory 1703-1 - It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine.
2870f20bb99066f6892b5f6fa5169dbaaf0c0c11caa6558bdfeb5f57ca91f20e