Package: ca-certificates
Version: 20070303
Severity: grave
Tags: security

It seems that ca-certificates isn't up-to-date anymore; yesterday, when 
checking an online banking site[1][2], I stumbled upon a Firefox warning 
about an unknown CA for the site's certificate (WTF...?). Same with 
Konqueror, both on Debian Etch and Ubuntu Dapper Drake (6.06 LTS).

This morning I got the chance to check with Firefox 3 and IE6 on Win XP and 
also Opera 9.63 on Debian Etch, which all worked fine and showed the site 
as "green".

So it seems obvious that ca-certificates is outdated for the site's Verisign 
CA certificate (the site's certificate has been renewed recently: 
15.12.2008).

I consider this quite grave since Verisign is a major CA.

CC to debian-volatile.

[1] direct link, may be too long (line wrapping):
https://www.mercedes-benz-bank.de/intrade/disp?
$part=portal.main.applications.Login.app&_docId_=6350&linkArea=login

[2] indirect, click on "Login Online Banking":
http://www.mercedes-benz-bank.de/intrade/cms/PK_Startseite.html


