----------------------------------------------------------------------- Debian Stable Updates Announcement SUA 192-1 https://www.debian.org debian-release@lists.debian.org Julien Cristau January 29th, 2021 ----------------------------------------------------------------------- Package : ca-certificates Version : 20200601~deb10u2 Importance : medium The ca-certificates package includes copies of the root and intermediate SSL certificates used by various Certificate Authorities to sign SSL certificates they issue. This allows applications to confirm the authenticity of certificates being used by servers that they connect to. The ca-certificates update in SUA 182-1 included distrusting legacy Symantec certificates. However, this update did not consider the whitelisting by browsers of some intermediate certificates (see https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec), and thus caused unintentional breakage. If you use ca-certificates to connect to TLS endpoints using a certificate issued from a legacy Symantec root CA, we recommend that you install this update. Note: after upgrading to this version, the legacy Symantec CA certificates may not be automatically re-added to the trust store. They can be re-enabled by running "dpkg-reconfigure ca-certificates". Upgrade Instructions -------------------- You can get the updated packages by adding the stable-updates archive for your distribution to your /etc/apt/sources.list: deb https://deb.debian.org/debian buster-updates main deb-src https://deb.debian.org/debian buster-updates main You can also use any of the Debian archive mirrors. See https://www.debian.org/mirrors/list for the full list of mirrors. For further information about stable-updates, please refer to https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at debian-release@lists.debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part