Debian Linux Security Advisory 1934-1 - A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability.
6409dd2b27e3773afb6cdd3372de85e981de22305a7cd297954a8af170e4460d