The vulnerability is caused due to Psi not properly setting the text format when displaying certificate information, which can be exploited to spoof certificates via e.g. certificates containing specially crafted RTF data in the Common Name (CN) field. Reference: CVE-2011-{3365,3366,3367}
*** This bug has been marked as a duplicate of bug 384227 ***
Michael and Agostino. Will psi require its own fix, so should this bug stay open? If not, do we need to request a fixed version of psi in bug 384227? Tnx.
Tim, imho psi appears a bit dead upstream. Last version was out in Dec 2009. A better solution should be: if upstream does not care in a time established by us, or maintainers/anyone does not produce a patch, we can drop it from main tree. I'll talk with maintainer.
Thanks Ago, it looked like it might be a separate fix to me, but wasn't sure, so I just referenced the other CVEs.