----------------------------------------------------------------------- Debian Stable Updates Announcement SUA 182-1 https://www.debian.org debian-release@lists.debian.org Michael Shuler June 7th, 2020 ----------------------------------------------------------------------- Package : ca-certificates Version : 20200601~deb10u1 [buster] 20200601~deb9u1 [stretch] Importance : medium The ca-certificates package includes copies of the root and intermediate SSL certificates used by various Certificate Authorities to sign SSL certificates they issue. This allows applications to confirm the authenticity of certificates being used by servers that they connect to. Recently, one of the included certificates - the "AddTrust External Root" certificate - expired, causing problems for some applications attempting to verify connections to servers using that certificate. It should be possible to verify affected connections using other "chains" of intermediate and root certificates. However, the inclusion of the expired certificate can lead to some libraries and applications using it in preference, resulting in verification failures. This update disables the use of that certificate for connections, allowing them to be verified successfully. The included Mozilla certificate bundle is updated to version 2.40, thus also disabling a number of root certificates belonging to Symantec. If you use ca-certificates, we recommend that you install this update. Upgrade Instructions -------------------- You can get the updated packages by adding the stable-updates archive for your distribution to your /etc/apt/sources.list: deb http://ftp.debian.org/debian buster-updates main deb-src http://ftp.debian.org/debian buster-updates main or deb http://ftp.debian.org/debian stretch-updates main deb-src http://ftp.debian.org/debian stretch-updates main You can also use any of the Debian archive mirrors. See https://www.debian.org/mirrors/list for the full list of mirrors. For further information about stable-updates, please refer to https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at debian-release@lists.debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part