Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
Please see the following:
(or just search current news for "DigiNotar", optionally in conjunction
with "gmail" or "google".)
Whatever resolution Mozilla and others end up with (revocation of the
certificate or of the entire CA), ca-certificates will likely need to
do the same.
- Josh Triplett