Bug#640567: marked as done (ca-certificates: Remove Staat_der_Nederlanden_Root_CA certificates)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Mon, 5 Sep 2011 14:19:07 -0500
with message-id <201109051419.08501.geissert@debian.org>
and subject line Re: Bug#640567: ca-certificates: Remove Staat_der_Nederlanden_Root_CA certificates
has caused the Debian Bug report #640567,
regarding ca-certificates: Remove Staat_der_Nederlanden_Root_CA certificates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
640567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640567
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: ca-certificates: Remove Staat_der_Nederlanden_Root_CA certificates
• From: Sam Morris <sam@robots.org.uk>
• Date: Mon, 05 Sep 2011 19:49:41 +0100
• Message-id: <[🔎] 20110905184941.20122.26051.reportbug@wintermute>

Package: ca-certificates
Version: 20110502+nmu1
Severity: grave
Tags: security
Justification: user security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ca-certificates still ships the following two certificates that are
being removed from Mozilla following the DigiNotar debacle:

Staat_der_Nederlanden_Root_CA.crt
Staat_der_Nederlanden_Root_CA_-_G2.crt

ref: https://bugzilla.mozilla.org/show_bug.cgi?id=683449

- -- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (550, 'stable-updates'), (550, 'stable'), (540, 'testing'), (530, 'unstable'), (520, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]         1.5.36.1   Debian configuration management sy
ii  openssl                       1.0.0d-3   Secure Socket Layer (SSL) binary a

ca-certificates recommends no packages.

ca-certificates suggests no packages.

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk5lGb8ACgkQshl/216gEHjvYACfdJQ4ZhhC1DTymMRQtUMsdu56
ChIAmwQGImXTKbGbG0aa9Q7UaHTrzuuH
=P52f
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

• To: 640567-done@bugs.debian.org
• Subject: Re: Bug#640567: ca-certificates: Remove Staat_der_Nederlanden_Root_CA certificates
• From: Raphael Geissert <geissert@debian.org>
• Date: Mon, 5 Sep 2011 14:19:07 -0500
• Message-id: <201109051419.08501.geissert@debian.org>
• In-reply-to: <[🔎] 20110905184941.20122.26051.reportbug@wintermute>
• References: <[🔎] 20110905184941.20122.26051.reportbug@wintermute>

On Monday 05 September 2011 13:49:41 Sam Morris wrote:
> ca-certificates still ships the following two certificates that are
> being removed from Mozilla following the DigiNotar debacle:
> 
> Staat_der_Nederlanden_Root_CA.crt
> Staat_der_Nederlanden_Root_CA_-_G2.crt

No, that's not correct. Those certificates are *not* being removed.

There was an exception in place for DigiNotar's PKIoverheid intermediate 
certs. That's what is being removed.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

--- End Message ---