[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SUA 192-1] Updated ca-certificates package

Debian Stable Updates Announcement SUA 192-1     https://www.debian.org
debian-release@lists.debian.org                          Julien Cristau
January 29th, 2021

Package              : ca-certificates
Version              : 20200601~deb10u2
Importance           : medium

The ca-certificates package includes copies of the root and intermediate
SSL certificates used by various Certificate Authorities to sign SSL
certificates they issue. This allows applications to confirm the
authenticity of certificates being used by servers that they connect

The ca-certificates update in SUA 182-1 included distrusting legacy
Symantec certificates.  However, this update did not consider the
whitelisting by browsers of some intermediate certificates (see 
https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec), and thus
caused unintentional breakage.

If you use ca-certificates to connect to TLS endpoints using a 
certificate issued from a legacy Symantec root CA, we recommend that you 
install this update.

Note: after upgrading to this version, the legacy Symantec CA 
certificates may not be automatically re-added to the trust store.  They
can be re-enabled by running "dpkg-reconfigure ca-certificates".

Upgrade Instructions

You can get the updated packages by adding the stable-updates archive
for your distribution to your /etc/apt/sources.list:

 deb https://deb.debian.org/debian buster-updates main
 deb-src https://deb.debian.org/debian buster-updates main

You can also use any of the Debian archive mirrors.  See
https://www.debian.org/mirrors/list for the full list of mirrors.

For further information about stable-updates, please refer to

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: