Your message dated Wed, 24 May 2017 15:48:45 +0000
with message-id <e1ddywj-0009xy...@fasolo.debian.org>
and subject line Bug#858539: fixed in ca-certificates 20161130+nmu1
has caused the Debian Bug report #858539,
regarding ca-certificates: Contains untrusted StartCom and WoSign certificates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858539: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858539
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ca-certificates
Version: 20141019+deb8u2
Severity: important
Tags: security

Hi,

StartCom and WoSign certificates are now untrusted by the major browser
vendors[0][1], making websites that use certs from these vendors
inaccessible.

However, as this is not reflected in ca-certificates, tools such as curl
still interpret these as valid/secure.

(This has a knock-on effect that health-check tools that use the output
of such tools to determine whether a site is "up" — eg. updown.io — will
misleadingly imply that the site is available to users when, in all
practical senses, they are not.)

I would suggest we remove the offending authorities from ca-certificates
as soon as possible.


[0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
[1] My installation "chrome-stable" rejects them as well.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20161130+nmu1

We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 858...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated ca-certificates package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 19 May 2017 16:53:16 +0200
Source: ca-certificates
Binary: ca-certificates ca-certificates-udeb
Architecture: source all
Version: 20161130+nmu1
Distribution: unstable
Urgency: medium
Maintainer: Michael Shuler <mich...@pbandjelly.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 ca-certificates - Common CA certificates
 ca-certificates-udeb - Common CA certificates - udeb (udeb)
Closes: 858539
Changes:
 ca-certificates (20161130+nmu1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Add StartCom and WoSign certificates to mozilla/blacklist.txt as they are
     now untrusted by the major browser vendors. Closes: #858539

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
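
An added example (not part of the original report or of the ca-certificates package): a Python check of whether the PEM bundle that tools such as curl read still contains StartCom or WoSign trust anchors. The bundle path and the choice to match the vendor names in the certificate subject are assumptions; the sample entries are constructed.

```python
import os
import ssl

# Vendor names taken from the bug report; matching on them is an assumption.
DISTRUSTED = ("startcom", "wosign")
# Assumed default: the bundle that Debian's ca-certificates generates.
BUNDLE = "/etc/ssl/certs/ca-certificates.crt"


def subject_text(cert):
    """Flatten the ssl-module subject (tuple of RDN tuples) to 'k=v, k=v'."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("subject", ()) for k, v in rdn)


def find_distrusted(certs, needles=DISTRUSTED):
    """Return the subjects of trust anchors that name a distrusted CA."""
    hits = []
    for cert in certs:
        text = subject_text(cert)
        if any(n in text.lower() for n in needles):
            hits.append(text)
    return sorted(hits)


def load_trust_anchors(cafile=BUNDLE):
    """Load a PEM bundle the way a TLS client would and list its CA certs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)
    return ctx.get_ca_certs()


# Constructed sample in the shape get_ca_certs() returns, so this runs offline.
SAMPLE = [
    {"subject": ((("countryName", "IL"),), (("organizationName", "StartCom Ltd."),),
                 (("commonName", "StartCom Certification Authority"),))},
    {"subject": ((("countryName", "CN"),), (("organizationName", "WoSign CA Limited"),),
                 (("commonName", "CA WoSign ECC Root"),))},
    {"subject": ((("countryName", "US"),), (("organizationName", "Example Trust"),),
                 (("commonName", "Example Root CA"),))},
]

if __name__ == "__main__":
    # Audit the real bundle when present, otherwise fall back to the sample.
    certs = load_trust_anchors() if os.path.exists(BUNDLE) else SAMPLE
    for subject in find_distrusted(certs):
        print("still trusted:", subject)
```

An empty result on a host means the bundle no longer carries these roots; any line printed means clients that rely on the bundle will still accept chains ending at that root.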
