Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
On Tuesday 06 September 2011 08:19:27 Mike Hommey wrote:
> On Tue, Sep 06, 2011 at 03:03:27PM +0200, Giuseppe Iuculano wrote:
> > On 09/04/2011 09:20 PM, Raphael Geissert wrote:
> > > Giuseppe, do you already have plans for updating chromium? (more info
> > > on the CCed bug.)
> > chromium uses libnss, please explain, what kind of update chromium
> > needs? did I miss something?
> You missed the part where chromium uses libpkix (despite mozilla
> saying it's not ready), and the libpkix path doesn't reject the certs
> chaining to the Explicitly Disabled CAs.
Giuseppe, in case you missed it: according to  "Chromium needs an update to
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net