Package: ca-certificates
Severity: normal

Dear Maintainer,

The ca-certificates package includes legacy root certificates which have
1024-bit RSA keys. These are considered weak by modern standards, and have
been removed from the upstream Mozilla trust store.

For a while these were needed to work around a bug in OpenSSL's X.509
path-building logic, but that bug has since been resolved, so these are now
vestigial and a risk.

-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.47-boot2docker (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
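
An added example, not part of the original report or of the ca-certificates package: a standard-library Python check that walks a PEM bundle and lists every certificate whose RSA key is below a minimum size. All function names are hypothetical, and `sample_cert` only builds constructed, unsigned certificate skeletons for testing the parser.

```python
import base64, re
RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1, rsaEncryption
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv_at(buf, pos):
    """Decode the DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long form: low bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Decode every element stored between start and end."""
    out = []
    while start < end:
        out.append(tlv_at(buf, start))
        start = out[-1][2]
    return out

def rsa_bits(der):
    """RSA modulus size of a DER certificate in bits, or None for other key types."""
    _, s, e = tlv_at(der, 0)                    # outer Certificate SEQUENCE
    tbs = children(der, *children(der, s, e)[0][1:])
    spki = tbs[6 if tbs[0][0] == 0xA0 else 5]   # v1 certificates omit the [0] version field
    alg, key = children(der, spki[1], spki[2])
    oid = children(der, alg[1], alg[2])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        return None
    _, ks, ke = tlv_at(der, key[1] + 1)         # skip the BIT STRING unused-bits octet
    modulus = children(der, ks, ke)[0]
    return int.from_bytes(der[modulus[1]:modulus[2]], "big").bit_length()

def weak_rsa_certs(pem_text, min_bits=2048):
    """Return (position in bundle, key size) for each RSA key below min_bits."""
    sizes = [rsa_bits(base64.b64decode(m.group(1))) for m in PEM_RE.finditer(pem_text)]
    return [(i, b) for i, b in enumerate(sizes) if b is not None and b < min_bits]

def enc(tag, body):                             # DER encoder, used only to build samples
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(bits):                          # constructed, unsigned skeleton (not a real CA)
    integer = lambda v: enc(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    alg = enc(0x30, enc(0x06, RSA_OID) + enc(0x05, b""))
    key = enc(0x03, b"\0" + enc(0x30, integer((1 << (bits - 1)) | 1) + integer(65537)))
    tbs = enc(0x30, enc(0xA0, integer(2)) + integer(1) + alg + enc(0x30, b"") * 3 + enc(0x30, alg + key))
    der = enc(0x30, tbs + alg + enc(0x03, b"\0"))
    return "-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n" % base64.encodebytes(der).decode()
```

On a Debian host, pass the contents of `/etc/ssl/certs/ca-certificates.crt` to `weak_rsa_certs`; each result gives the certificate's position in the bundle and its key size.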
