This bug was fixed in the package nss - 3.12.9+ckbi-1.82-0ubuntu2.1

---------------
nss (3.12.9+ckbi-1.82-0ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
    3.12.9 to remove the DigiNotar certificates and actively distrust them;
    Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
    - mozilla/security/nss/lib/ckfw/builtins/certdata.*: Explicitly
      distrust various DigiNotar CAs:
      - DigiNotar Root CA
      - DigiNotar Services 1024 CA
      - DigiNotar Cyber CA
      - DigiNotar Cyber CA 2nd
      - DigiNotar PKIoverheid
      - DigiNotar PKIoverheid G2
    - mozilla/security/nss/lib/ckfw/builtins/certdata.*: Remove
      DigiNotar Root CA.

 -- Micah Gersten <mic...@ubuntu.com>  Wed, 07 Sep 2011 15:15:37 -0500

--
https://bugs.launchpad.net/bugs/837557

Title: fraudulent DigiNotar certificate issuance

Status in “ca-certificates” package in Ubuntu: Fix Released
Status in “chromium-browser” package in Ubuntu: Confirmed
Status in “firefox” package in Ubuntu: Fix Released
Status in “nss” package in Ubuntu: Confirmed
Status in “qt4-x11” package in Ubuntu: Triaged
Status in “seamonkey” package in Ubuntu: Confirmed
Status in “thunderbird” package in Ubuntu: Fix Released
Status in “xulrunner-1.9.2” package in Ubuntu: Invalid
Status in “ca-certificates” source package in Lucid: Fix Committed
Status in “chromium-browser” source package in Lucid: Confirmed
Status in “firefox” source package in Lucid: Fix Released
Status in “nss” source package in Lucid: Fix Released
Status in “qt4-x11” source package in Lucid: Confirmed
Status in “seamonkey” source package in Lucid: Confirmed
Status in “thunderbird” source package in Lucid: Fix Released
Status in “xulrunner-1.9.2” source package in Lucid: Fix Released
Status in “ca-certificates” source package in Maverick: Fix Committed
Status in “chromium-browser” source package in Maverick: Confirmed
Status in “firefox” source package in Maverick: Fix Released
Status in “nss” source package in Maverick: Fix Released
Status in “qt4-x11” source package in Maverick: In Progress
Status in “seamonkey” source package in Maverick: Confirmed
Status in “thunderbird” source package in Maverick: Fix Released
Status in “xulrunner-1.9.2” source package in Maverick: Fix Released
Status in “ca-certificates” source package in Natty: Fix Committed
Status in “chromium-browser” source package in Natty: Confirmed
Status in “firefox” source package in Natty: Fix Released
Status in “nss” source package in Natty: Fix Released
Status in “qt4-x11” source package in Natty: In Progress
Status in “seamonkey” source package in Natty: Confirmed
Status in “thunderbird” source package in Natty: Fix Released
Status in “xulrunner-1.9.2” source package in Natty: Triaged
Status in “ca-certificates” source package in Oneiric: Fix Released
Status in “chromium-browser” source package in Oneiric: Confirmed
Status in “firefox” source package in Oneiric: Fix Released
Status in “nss” source package in Oneiric: Confirmed
Status in “qt4-x11” source package in Oneiric: Triaged
Status in “seamonkey” source package in Oneiric: Confirmed
Status in “thunderbird” source package in Oneiric: Fix Released
Status in “xulrunner-1.9.2” source package in Oneiric: Invalid
Status in “ca-certificates” package in Debian: Fix Released

Bug description:

USN Information:
This is being tracked in USN-1197-*

NOTE: The Firefox update causes a regression for certain Dutch sites
which is being tracked in Bug #838322.

NOTE #2: The current update for Thunderbird still shows the DigiNotar
Root CA as trusted in the certificate manager. This is due to
Thunderbird using the system version of NSS. In this initial update,
Thunderbird will actively distrust any certificate signed by the
DigiNotar Root CA. Future updates will properly show the root CA as
distrusted in the certificate manager.

WORKAROUND (from blog post):
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert

-------------------------------------------------

http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/

Qt 4.7 blog post:
http://labs.qt.nokia.com/2011/09/07/what-the-diginotar-security-breach-means-for-qt-users-continued/