Package: ca-certificate Version: 20090814+nmu2 From: giffgi...@hotmail.com To: t...@security.debian.org Subject: ca-certificate: blacklist invalid certs Date: Thu, 24 Mar 2011 13:02:03 +0000
Package: ca-certificate Version: 20090814+nmu2 Hello! This is in response to DSA 2200-1 http://lists.debian.org/debian-security-announce/2011/msg00068.html The issue got fixed for iceweasel but to my understanding this still leaves other browsers, libraries and tools that use TLS/SSL vulnerable. Therefore the fraudulent certificates need to be blacklisted in ca-certificate as well. Thank you.