[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#619587: marked as done (FW: ca-certificate: blacklist invalid certs)

Your message dated Wed, 26 Oct 2011 18:32:15 +0000
with message-id <E1RJ8Gt-0003D0-IU@franck.debian.org>
and subject line Bug#619587: fixed in ca-certificates 20111025
has caused the Debian Bug report #619587,
regarding FW: ca-certificate: blacklist invalid certs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

619587: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619587
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: ca-certificate
Version: 20090814+nmu2

From: giffgilll@hotmail.com
To: team@security.debian.org
Subject: ca-certificate: blacklist invalid certs
Date: Thu, 24 Mar 2011 13:02:03 +0000

Package: ca-certificate
Version: 20090814+nmu2

This is in response to DSA 2200-1 http://lists.debian.org/debian-security-announce/2011/msg00068.html
The issue got fixed for iceweasel but to my understanding this still leaves other browsers, libraries and tools that use TLS/SSL vulnerable. Therefore the fraudulent certificates need to be blacklisted in ca-certificate as well.

Thank you.

--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20111025

We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive:

  to main/c/ca-certificates/ca-certificates_20111025.dsc
  to main/c/ca-certificates/ca-certificates_20111025.tar.gz
  to main/c/ca-certificates/ca-certificates_20111025_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 619587@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Michael Shuler <michael@pbandjelly.org> (supplier of updated ca-certificates package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.8
Date: Tue, 25 Oct 2011 09:12:10 -0500
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20111025
Distribution: unstable
Urgency: low
Maintainer: Michael Shuler <michael@pbandjelly.org>
Changed-By: Michael Shuler <michael@pbandjelly.org>
 ca-certificates - Common CA certificates
Closes: 537382 588219 619587 630232 643667
 ca-certificates (20111025) unstable; urgency=low
   [ Michael Shuler ]
   * Add 3.0 (native) source format
   * Add Vcs-Git/Browser fields
   * Add myself as new Maintainer with Uploaders  Closes: #588219
   * Update mozilla/certdata.txt to latest (NSS branch version
     Certificates added (+) and removed (-):
     + "AffirmTrust Commercial"
     + "AffirmTrust Networking"
     + "AffirmTrust Premium"
     + "AffirmTrust Premium ECC"
     + "A-Trust-nQual-03"
     + "Bogus Global Trustee"
     + "Bogus GMail"
     + "Bogus Google"
     + "Bogus kuix.de"
     + "Bogus live.com"
     + "Bogus Mozilla Addons"
     + "Bogus Skype"
     + "Bogus Yahoo 1"
     + "Bogus Yahoo 2"
     + "Bogus Yahoo 3"
     + "Certinomis - Autorité Racine"
     + "Certum Trusted Network CA"
     + "Explicitly Distrust DigiNotar Cyber CA"
     + "Explicitly Distrust DigiNotar Cyber CA 2nd"
     + "Explicitly Distrust DigiNotar Root CA"
     + "Explicitly Distrust DigiNotar Services 1024 CA"
     + "Explicitly Distrusted DigiNotar PKIoverheid"
     + "Explicitly Distrusted DigiNotar PKIoverheid G2"
     + "Go Daddy Root Certificate Authority - G2"
     + "Root CA Generalitat Valenciana"
     + "Starfield Root Certificate Authority - G2"
     + "Starfield Services Root Certificate Authority - G2"
     + "TWCA Root Certification Authority"
     - "AOL Time Warner Root Certification Authority 1"
     - "AOL Time Warner Root Certification Authority 2"
     - "DigiNotar Root CA"
     - "Entrust.net Global Secure Personal CA"
     - "Entrust.net Global Secure Server CA"
     - "Entrust.net Secure Personal CA"
     - "IPS Chained CAs root"
     - "IPS CLASE1 root"
     - "IPS CLASE3 root"
     - "IPS CLASEA1 root"
     - "IPS CLASEA3 root"
     - "IPS Timestamping root"
     - "Thawte Personal Freemail CA"
     - "Thawte Time Stamping CA"
   * "Bogus *" CAs above address Comodo MITM 03/11  Closes: #619587
   * Update CAcert-Class 3-Subroot-certificate  Closes: #630232
   [ Steve Langasek ]
   * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
     the way before calling c_rehash, so that symlinks don't accidentally get
     pointed here, breaking openssl certificate verification  LP: #854927
   [ Loïc Minier ]
   * Drop bogus c_rehash on upgrades, which caused issue when
     ca-certificates.crt was still in place; instead, call
     update-ca-certificates --fresh on upgrades to this version, and
     the usual update-ca-certificates otherwise  Closes: #643667, #537382
 fd73ea4f9e085106bdf7979a29121fbf72b47dea 1747 ca-certificates_20111025.dsc
 3c9817265915a43e1a2cd8d88325df3904fbf5ee 298904 ca-certificates_20111025.tar.gz
 949ca2535b927753aa9edeb7afbedac9b793f630 185800 ca-certificates_20111025_all.deb
 3322f8df3c8edfba2a11b03b995f52b953810ddede324433c0ba285b0e3a0c13 1747 ca-certificates_20111025.dsc
 318bbf0f7c0a32adc10105f843148fd0e9e3b013de75645c02ea858652240924 298904 ca-certificates_20111025.tar.gz
 7d743b307ab31138176d6da4fff1f4c7f6bd246b42698662894bfb1b74e55647 185800 ca-certificates_20111025_all.deb
 0e3c65cb361b2710ce8626ec53cfeb1c 1747 misc optional ca-certificates_20111025.dsc
 dfd593c9f89e64351aae78b9be588696 298904 misc optional ca-certificates_20111025.tar.gz
 245d8b5bba947b8ae786e0f14459dd18 185800 misc optional ca-certificates_20111025_all.deb

Version: GnuPG v1.4.11 (GNU/Linux)


--- End Message ---

Reply to: