Your message dated Fri, 13 Feb 2009 17:54:10 +0000 (UTC)
with message-id <[email protected]>
and subject line Bug#509419: fixed in ca-certificates 20070303+volatile1
has caused the Debian Bug report #509419,
regarding Deprecated VeriSign CA
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
509419: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509419
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ca-certificates
Version: 20070303
Severity: grave
Tags: security

It seems that ca-certificates isn't up-to-date anymore; yesterday, when 
checking an online banking site[1][2], I stumbled upon a Firefox warning 
about an unknown CA for the site's certificate (WTF...?). Same with 
Konqueror, both on Debian Etch and Ubuntu Dapper Drake (6.06 LTS).

This morning I got the chance to check with Firefox 3 and IE6 on Win XP and 
also Opera 9.63 on Debian Etch, which all worked fine and showed the site 
as "green".

So it seems obvious that ca-certificates is outdated for the site's Verisign 
CA certificate (the site's certificate has been renewed recently: 
15.12.2008).

I consider this quite grave since Verisign is a major CA.

CC to debian-volatile.

[1] direct link, may be too long (line wrapping):
https://www.mercedes-benz-bank.de/intrade/disp?$part=portal.main.applications.Login.app&_docId_=6350&linkArea=login

[2] indirect, click on "Login Online Banking":
http://www.mercedes-benz-bank.de/intrade/cms/PK_Startseite.html



--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20070303+volatile1

We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the volatile.debian.org FTP 
archive:

ca-certificates_20070303+volatile1.dsc
  to pool/volatile/main/c/ca-certificates/ca-certificates_20070303+volatile1.dsc
ca-certificates_20070303+volatile1.tar.gz
  to pool/volatile/main/c/ca-certificates/ca-certificates_20070303+volatile1.tar.gz
ca-certificates_20070303+volatile1_all.deb
  to pool/volatile/main/c/ca-certificates/ca-certificates_20070303+volatile1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

volatile.debian.org distribution maintenance software
pp.
Philipp Kern <[email protected]> (supplier of updated ca-certificates package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 22 Dec 2008 12:11:40 +0100
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20070303+volatile1
Distribution: etch-volatile
Urgency: low
Maintainer: Philipp Kern <[email protected]>
Changed-By: Philipp Kern <[email protected]>
Description: 
 ca-certificates - Common CA Certificates PEM files
Closes: 447062 456581 509419
Changes: 
 ca-certificates (20070303+volatile1) etch-volatile; urgency=low
 .
   * Updated mozilla certificates to the version as fetched for
     ca-certificates version 20080411, which led to the following
     adds (+) and removes (-):
     + Camerfirma Chambers of Commerce Root
     + Camerfirma Global Chambersign Root
     + Certplus Class 2 Primary CA
     + COMODO Certification Authority
     + DigiCert Assured ID Root CA
     + DigiCert Global Root CA
     + DigiCert High Assurance EV Root CA
     + DST ACES CA X6
     + DST Root CA X3
     + Entrust Root Certification Authority
     + Firmaprofesional Root CA
     + GeoTrust Global CA 2
     + GeoTrust Primary Certification Authority
     + GeoTrust Universal CA
     + GeoTrust Universal CA 2
     + GlobalSign Root CA - R2
     + Go Daddy Class 2 CA
     + NetLock Business (Class B) Root
     + NetLock Express (Class C) Root
     + NetLock Notary (Class A) Root
     + NetLock Qualified (Class QA) Root
     + QuoVadis Root CA 2
     + QuoVadis Root CA 3
     + Secure Global CA
     + SecureTrust CA
     + Starfield Class 2 CA
     + StartCom Certification Authority
     + StartCom Ltd.
     + Swisscom Root CA 1
     + SwissSign Gold CA - G2
     + SwissSign Platinum CA - G2
     + SwissSign Silver CA - G2
     + Taiwan GRCA
     + thawte Primary Root CA
     + TURKTRUST Certificate Services Provider Root 1
     + TURKTRUST Certificate Services Provider Root 2
     + VeriSign Class 3 Public Primary Certification Authority - G5
     + Wells Fargo Root CA
     + XRamp Global CA Root
     - Verisign Class 1 Public Primary OCSP Responder
     - Verisign Class 2 Public Primary OCSP Responder
     - Verisign Class 3 Public Primary OCSP Responder
     - Verisign Secure Server OCSP Responder
     (Closes: #447062, #456581, #509419)
   * Added a new SPI CA certificate, created in response to the latest
     openssl security update.
   * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
     revoked sensibly.  Expired CA created in 2003, expired in 2007 left
     around for reference.
   * Removed Brazilian Portuguese Debconf translation to avoid the scripts
     bailing out on upgrade due to script variables being translated.
Files: 
 203348438b90424ecce4118d2ce2b278 586 misc optional ca-certificates_20070303+volatile1.dsc
 30411e07b33b0d84add711dfc20c103c 214025 misc optional ca-certificates_20070303+volatile1.tar.gz
 a624b3e863d7b57ff67edf627f2bd3c9 137694 misc optional ca-certificates_20070303+volatile1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklPfQgACgkQ7Ro5M7LPzdj6FwCgw87A2ez+o2TfVjTQpnIMHTmV
B54An1N/5jWDWuCb1G1W4CmAWIt/2bgF
=7WsK
-----END PGP SIGNATURE-----



--- End Message ---
