[SUA 182-1] Updated ca-certificates package

To: debian-stable-announce@lists.debian.org
Subject: [SUA 182-1] Updated ca-certificates package
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 07 Jun 2020 15:22:23 +0100
Message-id: <[🔎] 782aa924f2638518de48eac3cf91d354b87a13a0.camel@adam-barratt.org.uk>
Mail-followup-to: debian-release@lists.debian.org
Reply-to: debian-release@lists.debian.org

-----------------------------------------------------------------------
Debian Stable Updates Announcement SUA 182-1     https://www.debian.org
debian-release@lists.debian.org                          Michael Shuler
June 7th, 2020
-----------------------------------------------------------------------

Package              : ca-certificates
Version              : 20200601~deb10u1 [buster]
                       20200601~deb9u1  [stretch]
Importance           : medium


The ca-certificates package includes copies of the root and intermediate
SSL certificates used by various Certificate Authorities to sign SSL
certificates they issue. This allows applications to confirm the
authenticity of certificates being used by servers that they connect
to.

Recently, one of the included certificates - the "AddTrust External
Root" certificate - expired, causing problems for some applications
attempting to verify connections to servers using that certificate.

It should be possible to verify affected connections using other
"chains" of intermediate and root certificates. However, the inclusion
of the expired certificate can lead to some libraries and applications
using it in preference, resulting in verification failures. This update
disables the use of that certificate for connections, allowing them to
be verified successfully.

The included Mozilla certificate bundle is updated to version
2.40, thus also disabling a number of root certificates belonging to
Symantec.

If you use ca-certificates, we recommend that you install this update.

Upgrade Instructions
--------------------

You can get the updated packages by adding the stable-updates archive
for your distribution to your /etc/apt/sources.list:

 deb http://ftp.debian.org/debian buster-updates main
 deb-src http://ftp.debian.org/debian buster-updates main

  or

 deb http://ftp.debian.org/debian stretch-updates main
 deb-src http://ftp.debian.org/debian stretch-updates main

You can also use any of the Debian archive mirrors.  See
https://www.debian.org/mirrors/list for the full list of mirrors.

For further information about stable-updates, please refer to
https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: [SUA 181-1] Updated libclamunrar version
Next by Date: [SUA 183-1] Updated pagekite package
Previous by thread: [SUA 181-1] Updated libclamunrar version
Next by thread: [SUA 183-1] Updated pagekite package
Index(es):
- Date
- Thread