Bug#619587: marked as done (FW: ca-certificate: blacklist invalid certs)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Wed, 26 Oct 2011 18:32:15 +0000
with message-id <E1RJ8Gt-0003D0-IU@franck.debian.org>
and subject line Bug#619587: fixed in ca-certificates 20111025
has caused the Debian Bug report #619587,
regarding FW: ca-certificate: blacklist invalid certs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
619587: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619587
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: <submit@bugs.debian.org>
• Subject: FW: ca-certificate: blacklist invalid certs
• From: giff g <giffgilll@hotmail.com>
• Date: Fri, 25 Mar 2011 11:40:48 +0000
• Message-id: <COL117-W50EE147A887E3848130838A3B90@phx.gbl>
• In-reply-to: <COL117-W2591E9E78D6C404A81AFA9A3B60@phx.gbl>
• References: <COL117-W2591E9E78D6C404A81AFA9A3B60@phx.gbl>

Package: ca-certificate
Version: 20090814+nmu2

---

From: giffgilll@hotmail.com
To: team@security.debian.org
Subject: ca-certificate: blacklist invalid certs
Date: Thu, 24 Mar 2011 13:02:03 +0000

Package: ca-certificate
Version: 20090814+nmu2

Hello!
This is in response to DSA 2200-1 http://lists.debian.org/debian-security-announce/2011/msg00068.html
The issue got fixed for iceweasel but to my understanding this still leaves other browsers, libraries and tools that use TLS/SSL vulnerable. Therefore the fraudulent certificates need to be blacklisted in ca-certificate as well.

Thank you.

--- End Message ---

--- Begin Message ---

• To: 619587-close@bugs.debian.org
• Subject: Bug#619587: fixed in ca-certificates 20111025
• From: Michael Shuler <michael@pbandjelly.org>
• Date: Wed, 26 Oct 2011 18:32:15 +0000
• Message-id: <E1RJ8Gt-0003D0-IU@franck.debian.org>

Source: ca-certificates
Source-Version: 20111025

We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive:

ca-certificates_20111025.dsc
  to main/c/ca-certificates/ca-certificates_20111025.dsc
ca-certificates_20111025.tar.gz
  to main/c/ca-certificates/ca-certificates_20111025.tar.gz
ca-certificates_20111025_all.deb
  to main/c/ca-certificates/ca-certificates_20111025_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 619587@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Shuler <michael@pbandjelly.org> (supplier of updated ca-certificates package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 25 Oct 2011 09:12:10 -0500
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20111025
Distribution: unstable
Urgency: low
Maintainer: Michael Shuler <michael@pbandjelly.org>
Changed-By: Michael Shuler <michael@pbandjelly.org>
Description: 
 ca-certificates - Common CA certificates
Closes: 537382 588219 619587 630232 643667
Changes: 
 ca-certificates (20111025) unstable; urgency=low
 .
   [ Michael Shuler ]
   * Add 3.0 (native) source format
   * Add Vcs-Git/Browser fields
   * Add myself as new Maintainer with Uploaders  Closes: #588219
   * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
     Certificates added (+) and removed (-):
     + "AffirmTrust Commercial"
     + "AffirmTrust Networking"
     + "AffirmTrust Premium"
     + "AffirmTrust Premium ECC"
     + "A-Trust-nQual-03"
     + "Bogus Global Trustee"
     + "Bogus GMail"
     + "Bogus Google"
     + "Bogus kuix.de"
     + "Bogus live.com"
     + "Bogus Mozilla Addons"
     + "Bogus Skype"
     + "Bogus Yahoo 1"
     + "Bogus Yahoo 2"
     + "Bogus Yahoo 3"
     + "Certinomis - Autorité Racine"
     + "Certum Trusted Network CA"
     + "Explicitly Distrust DigiNotar Cyber CA"
     + "Explicitly Distrust DigiNotar Cyber CA 2nd"
     + "Explicitly Distrust DigiNotar Root CA"
     + "Explicitly Distrust DigiNotar Services 1024 CA"
     + "Explicitly Distrusted DigiNotar PKIoverheid"
     + "Explicitly Distrusted DigiNotar PKIoverheid G2"
     + "Go Daddy Root Certificate Authority - G2"
     + "Root CA Generalitat Valenciana"
     + "Starfield Root Certificate Authority - G2"
     + "Starfield Services Root Certificate Authority - G2"
     + "TWCA Root Certification Authority"
     - "AOL Time Warner Root Certification Authority 1"
     - "AOL Time Warner Root Certification Authority 2"
     - "DigiNotar Root CA"
     - "Entrust.net Global Secure Personal CA"
     - "Entrust.net Global Secure Server CA"
     - "Entrust.net Secure Personal CA"
     - "IPS Chained CAs root"
     - "IPS CLASE1 root"
     - "IPS CLASE3 root"
     - "IPS CLASEA1 root"
     - "IPS CLASEA3 root"
     - "IPS Timestamping root"
     - "Thawte Personal Freemail CA"
     - "Thawte Time Stamping CA"
   * "Bogus *" CAs above address Comodo MITM 03/11  Closes: #619587
   * Update CAcert-Class 3-Subroot-certificate  Closes: #630232
 .
   [ Steve Langasek ]
   * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
     the way before calling c_rehash, so that symlinks don't accidentally get
     pointed here, breaking openssl certificate verification  LP: #854927
 .
   [ Loïc Minier ]
   * Drop bogus c_rehash on upgrades, which caused issue when
     ca-certificates.crt was still in place; instead, call
     update-ca-certificates --fresh on upgrades to this version, and
     the usual update-ca-certificates otherwise  Closes: #643667, #537382
Checksums-Sha1: 
 fd73ea4f9e085106bdf7979a29121fbf72b47dea 1747 ca-certificates_20111025.dsc
 3c9817265915a43e1a2cd8d88325df3904fbf5ee 298904 ca-certificates_20111025.tar.gz
 949ca2535b927753aa9edeb7afbedac9b793f630 185800 ca-certificates_20111025_all.deb
Checksums-Sha256: 
 3322f8df3c8edfba2a11b03b995f52b953810ddede324433c0ba285b0e3a0c13 1747 ca-certificates_20111025.dsc
 318bbf0f7c0a32adc10105f843148fd0e9e3b013de75645c02ea858652240924 298904 ca-certificates_20111025.tar.gz
 7d743b307ab31138176d6da4fff1f4c7f6bd246b42698662894bfb1b74e55647 185800 ca-certificates_20111025_all.deb
Files: 
 0e3c65cb361b2710ce8626ec53cfeb1c 1747 misc optional ca-certificates_20111025.dsc
 dfd593c9f89e64351aae78b9be588696 298904 misc optional ca-certificates_20111025.tar.gz
 245d8b5bba947b8ae786e0f14459dd18 185800 misc optional ca-certificates_20111025_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIVAwUBTqhQpocvcCxNbiWoAQKEhw//aOuTI95KwsJCv2eTmjMOalK16QgBYApZ
/5Evz0XGl9UD/Ec9H37AEBfwXRdOyOaAJIrV46xzk5J6R+nRWyCViL4czyabuSLh
llLJXAVOx4zyL3BdBN1eDqETrOVD+Y8j5odQfo9Cgmt9ucY4wWVLNNbYLqYlFwpd
rEPHxyYYXGC5riWwEK9+JNKkS4J+AAcy/5oCzqdQFBlyTsLM8cBfscDJQSEvg8Xm
vPm5k7tgzyYn6lUKOPwBg6+/LembJ5D32fRyTWzZk7kZNcs4I6ldwtQG43eUSEPe
E7Wapb+rZLK0IGzBGSCufCGmq7/w7V0URpC9h30m2OVYtijoJkJthE7mhQONjPU3
4K02L2FszF2QMSLU8AGYrLhWCeFfefGhKS0/dIWkDZRc4r2uqIegaBLkH6sUDv4X
2WlzyVN+e/LS7f3Cmx7EUbqol8jOyxF3l49DAaaWap1z25mZqxoi6MaqNDk46VOn
+9iHXxV1ZVSxKuDaOAYD5HCUA0gL4ggvZk5+ZsvJV2iwmmXJ24tFNa9+Lvz3ZyIX
CElWS1qxCCDTE0M9U93dnxbaC39yAO6dPyScsl8UOOfCOK90hEy+UooLUdD4YUpF
7RTizkIxBSwUXzxMtV7RuN4DIZSJzekQqpKOioPzglDn/xPMli+bsLnmGMhuDNAA
PIJAlpTV5OE=
=tF07
-----END PGP SIGNATURE-----

--- End Message ---