Nora Blob: those are blacklist entries. See details at
https://security.stackexchange.com/questions/174474/why-is-diginotar-ca-
still-in-my-mozilla-firefox.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bu
Hello Oliver Tilloy,
can you verify this issue?
Best regrads
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in ca-
Hello Oliver Tilloy,
I can reproduce this issue in
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 18.04.1 LTS
Release:18.04
Codename: bionic
I created a new profile with firefox -p --new-instance, and get the
certificates in the new profile with the new
Nora Blob, Ubuntu 17.10 is EOL and not supported any longer. Is the
issue present in a supported release of Ubuntu (14.04, 16.04, 18.04,
18.10) or in the current development version (19.04) ?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed t
** Attachment added: "certs.tar.bz2"
https://bugs.launchpad.net/ubuntu/+source/seamonkey/+bug/837557/+attachment/5215891/+files/certs.tar.bz2
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpa
** Attachment added: "certs.tar.bz2.gpg"
https://bugs.launchpad.net/ubuntu/+source/seamonkey/+bug/837557/+attachment/5215892/+files/certs.tar.bz2.gpg
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.
Hello I observed this issue in:
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 17.10
Release:17.10
Codename: artful
I also observed it in a local build from the gentoo repositories. I
attached the certs and will open issues at gentoo and mozilla.
--
Yo
** Changed in: ca-certificates (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNota
** Branch unlinked: lp:~mozillateam/firefox/firefox.head
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in ca-certi
** Changed in: seamonkey (Ubuntu Lucid)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuanc
** Branch linked: lp:ubuntu/natty-security/xulrunner-1.9.2
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-ce
This bug was fixed in the package xulrunner-1.9.2 - 1.9.2.27+build1
+nobinonly-0ubuntu0.11.04.1
---
xulrunner-1.9.2 (1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1) natty-security;
urgency=low
* SECURITY UPDATE: New upstream release v1.9.2.27 (FIREFOX_3_6_27_BUILD1)
See the followi
Fixed in 14.0.835.202~r103287-0ubuntu0.11.04.1
** Changed in: chromium-browser (Ubuntu Natty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/
Fixed in 14.0.835.202~r103287-0ubuntu0.10.04.2
** Changed in: chromium-browser (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/
Fixed in 14.0.835.202~r103287-0ubuntu0.10.10.1
** Changed in: chromium-browser (Ubuntu Maverick)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.n
** Changed in: chromium-browser (Ubuntu Lucid)
Status: Confirmed => Fix Committed
** Changed in: chromium-browser (Ubuntu Maverick)
Status: Confirmed => Fix Committed
** Changed in: chromium-browser (Ubuntu Natty)
Status: Confirmed => Fix Committed
--
You received this bug
Fixed with the recent update to Chromium 14.
** Changed in: chromium-browser (Ubuntu Oneiric)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs
** Branch linked: lp:firefox/stable
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-certificates” package in
** Branch linked: lp:ubuntu/lucid-security/qt4-x11
** Branch linked: lp:ubuntu/maverick-security/qt4-x11
** Branch linked: lp:ubuntu/natty-security/qt4-x11
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://b
This bug was fixed in the package qt4-x11 - 4:4.7.2-0ubuntu6.3
---
qt4-x11 (4:4.7.2-0ubuntu6.3) natty-security; urgency=low
* SECURITY UPDATE: Blacklist Diginotar root and intermediate certificates;
Fraudulent certificates were mis-issued that could allow an attacker to
moni
This bug was fixed in the package qt4-x11 - 4:4.7.0-0ubuntu4.4
---
qt4-x11 (4:4.7.0-0ubuntu4.4) maverick-security; urgency=low
* SECURITY UPDATE: Blacklist Diginotar root and intermediate certificates;
Fraudulent certificates were mis-issued that could allow an attacker to
m
This bug was fixed in the package qt4-x11 - 4:4.6.2-0ubuntu5.3
---
qt4-x11 (4:4.6.2-0ubuntu5.3) lucid-security; urgency=low
* SECURITY UPDATE: Blacklist Diginotar root and intermediate certificates;
Fraudulent certificates were mis-issued that could allow an attacker to
moni
** Branch linked: lp:thunderbird/stable
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-certificates” package
** Changed in: ca-certificates (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuan
Please don't change bug watches without a comment.
** Changed in: ca-certificates (Debian)
Importance: Undecided => Unknown
** Changed in: ca-certificates (Debian)
Status: New => Unknown
** Changed in: ca-certificates (Debian)
Remote watch: None => Debian Bug tracker #639744
--
You
** Changed in: ca-certificates (Debian)
Importance: Unknown => Undecided
** Changed in: ca-certificates (Debian)
Status: Fix Released => New
** Changed in: ca-certificates (Debian)
Remote watch: Debian Bug tracker #639744 => None
--
You received this bug notification because you are
While Lucid doesn't have the DigiNotar root CA, we can still blacklist
like we did for Comodo.
** Changed in: qt4-x11 (Ubuntu Lucid)
Status: Confirmed => Fix Committed
** Changed in: qt4-x11 (Ubuntu Lucid)
Assignee: (unassigned) => Micah Gersten (micahg)
--
You received this bug not
Lucid, Maverick, and Natty builds of qt4-x11 will be available in
ubuntu-security-proposed in several hours for anyone who is interested
** Changed in: nss (Ubuntu Oneiric)
Assignee: (unassigned) => Micah Gersten (micahg)
** Changed in: qt4-x11 (Ubuntu Maverick)
Status: In Progress =>
** Branch linked: lp:ubuntu/nss
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-certificates” package in Ubun
This bug was fixed in the package nss - 3.12.9+ckbi-1.82-0ubuntu5
---
nss (3.12.9+ckbi-1.82-0ubuntu5) oneiric; urgency=low
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively distrust them;
Thank
** Branch linked: lp:ubuntu/qt4-x11
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-certificates” package in
This bug was fixed in the package qt4-x11 - 4:4.7.4-0ubuntu1
---
qt4-x11 (4:4.7.4-0ubuntu1) oneiric; urgency=low
* New upstream release (LP: #839557, #785318)
* debian/patches/Add_support_for_QT_USE_DRAG_DISTANCE_env_var.patch,
debian/patches/a11y_qt_and_qml_backport.diff,
** Branch linked: lp:ubuntu/lucid-security/ca-certificates
** Branch linked: lp:ubuntu/natty-security/ca-certificates
** Branch linked: lp:ubuntu/maverick-security/ca-certificates
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderb
This bug was fixed in the package ca-certificates -
20090814ubuntu0.10.10.1
---
ca-certificates (20090814ubuntu0.10.10.1) maverick-security; urgency=low
* SECURITY UPDATE: Blacklist "DigiNotar Root CA" due to fraudulent
certificate issuance (LP: #837557)
- update mozilla/bla
This bug was fixed in the package ca-certificates -
20090814+nmu2ubuntu0.1
---
ca-certificates (20090814+nmu2ubuntu0.1) natty-security; urgency=low
* SECURITY UPDATE: Blacklist "DigiNotar Root CA" due to fraudulent
certificate issuance (LP: #837557)
- update mozilla/blacklis
This bug was fixed in the package ca-certificates -
20090814ubuntu0.10.04.1
---
ca-certificates (20090814ubuntu0.10.04.1) lucid-security; urgency=low
* SECURITY UPDATE: Blacklist "DigiNotar Root CA" due to fraudulent
certificate issuance (LP: #837557)
- update mozilla/blackl
** Branch linked: lp:ubuntu/natty-security/nss
** Branch linked: lp:ubuntu/lucid-security/nss
** Branch linked: lp:ubuntu/maverick-security/nss
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpa
This bug was fixed in the package nss - 3.12.9+ckbi-1.82-0ubuntu2.1
---
nss (3.12.9+ckbi-1.82-0ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively distrust them
This bug was fixed in the package nss -
3.12.9+ckbi-1.82-0ubuntu0.10.04.3
---
nss (3.12.9+ckbi-1.82-0ubuntu0.10.04.3) lucid-security; urgency=low
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively d
This bug was fixed in the package nss -
3.12.9+ckbi-1.82-0ubuntu0.10.10.3
---
nss (3.12.9+ckbi-1.82-0ubuntu0.10.10.3) maverick-security; urgency=low
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and activel
Hi,
For the very old Seamonkey 2.0 : http://support.mozilla.com/fr/kb
/supprimer-certificat-diginotar-ca
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent D
** Branch linked: lp:~kubuntu-packagers/kubuntu-packaging/qt
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-
Didier,
I was told you're doing a qt4-x11 upload, can you include the blacklist patch
from the blog post in the Description of this bug?
** Changed in: qt4-x11 (Ubuntu Oneiric)
Assignee: (unassigned) => Didier Roche (didrocks)
--
You received this bug notification because you are a member
Just found out Qt 4.7 has a blacklist patch, so reopening tasks fro
maverick/natty/oneiric
** Changed in: qt4-x11 (Ubuntu Maverick)
Importance: Undecided => Medium
** Changed in: qt4-x11 (Ubuntu Maverick)
Status: Invalid => In Progress
** Changed in: qt4-x11 (Ubuntu Maverick)
Assi
** Branch linked: lp:~mozillateam/nss/nss.natty
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-certificates”
** Branch linked: lp:~mozillateam/nss/nss.maverick
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-certificat
** Branch linked: lp:~mozillateam/nss/nss.lucid
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-certificates”
** Branch linked: lp:ubuntu/thunderbird
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-certificates” package
This bug was fixed in the package thunderbird - 7.0~b2+build2+nobinonly-
0ubuntu1
---
thunderbird (7.0~b2+build2+nobinonly-0ubuntu1) oneiric; urgency=low
* New upstream release from the beta channel (THUNDERBIRD_7_0b2_BUILD2)
- LP: #837557 and LP: #838322
* Update globalmenu-
regarding the Qt bundle: I cannot find the DigiNotar root cert in there, the
bundle is really old apparently.
(did:
cd src/network/ssl
csplit -s qt-ca-bundle.crt '/^$/' {*}
for i in $(ls ./xx*); do echo $i; openssl x509 -text -noout -in $i; done|grep
-i 'subject:'|grep -i diginotar
... does not y
** Description changed:
- NOTE: The Firefox update causes a regression for certain Dutch sites
- which is being tracked in Bug #838322.
+ NOTE: The Firefox update causes a regression for certain Dutch sites which is
being tracked in Bug #838322.
+ NOTE #2: The current update for Thunderbird still
** Branch linked: lp:ubuntu/lucid-security/thunderbird
** Branch linked: lp:ubuntu/maverick-security/thunderbird
** Branch linked: lp:ubuntu/natty-security/thunderbird
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubunt
This bug was fixed in the package thunderbird - 3.1.13+build1+nobinonly-
0ubuntu0.10.04.1
---
thunderbird (3.1.13+build1+nobinonly-0ubuntu0.10.04.1) lucid-security;
urgency=low
* New upstream release v3.1.13 (THUNDERBIRD_3_1_13_BUILD1)
- Distrust and disable DigiNotar Root CA d
This bug was fixed in the package thunderbird - 3.1.13+build1+nobinonly-
0ubuntu0.11.04.1
---
thunderbird (3.1.13+build1+nobinonly-0ubuntu0.11.04.1) natty-security;
urgency=low
* New upstream release v3.1.13 (THUNDERBIRD_3_1_13_BUILD1)
- Distrust and disable DigiNotar Root CA d
This bug was fixed in the package thunderbird - 3.1.13+build1+nobinonly-
0ubuntu0.10.10.1
---
thunderbird (3.1.13+build1+nobinonly-0ubuntu0.10.10.1) maverick-security;
urgency=low
* New upstream release v3.1.13 (THUNDERBIRD_3_1_13_BUILD1)
- Distrust and disable DigiNotar Root C
UPDATE:
Unfortunately, the ca-certificates and NSS fixes available at the moment are
only a partial fix that won't actually help very much. I'm currently waiting
on fixes that should address this issue completely. I will be releasing
Thunderbird in a few hours with the same fix that Firefox go
** Changed in: chromium-browser (Ubuntu)
Status: New => Confirmed
** Changed in: chromium-browser (Ubuntu Lucid)
Status: New => Confirmed
** Changed in: chromium-browser (Ubuntu Maverick)
Status: New => Confirmed
** Changed in: chromium-browser (Ubuntu Natty)
Status:
** Also affects: chromium-browser (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificat
** Changed in: nss (Ubuntu Lucid)
Status: Confirmed => In Progress
** Changed in: nss (Ubuntu Maverick)
Status: Confirmed => In Progress
** Changed in: nss (Ubuntu Natty)
Status: Confirmed => In Progress
** Changed in: seamonkey (Ubuntu Lucid)
Status: New => Confirmed
** Changed in: ca-certificates (Ubuntu Lucid)
Status: In Progress => Fix Committed
** Changed in: ca-certificates (Ubuntu Maverick)
Status: In Progress => Fix Committed
** Changed in: ca-certificates (Ubuntu Natty)
Status: In Progress => Fix Committed
--
You received this b
** Also affects: seamonkey (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issua
** Changed in: nss (Ubuntu Oneiric)
Assignee: Micah Gersten (micahg) => (unassigned)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certifi
@Olivier Mengué
I am working on updates for NSS and ca-certificates to address this system wide.
@Anonymous
Seamonkey is currently not in a good state, but I will try to get an update for
it eventually. In the mean time, the NSS update should take care of this
security issue for most use cases.
** Changed in: ca-certificates (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuan
debian has released ca-certificates version 20110502+nmu1 that fix this
** Bug watch added: Debian Bug tracker #639744
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639744
** Also affects: ca-certificates (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639744
Importance:
The proposed workaround is only for Firefox.
What about other applications that may access Google services on a Ubuntu
system?
Can we simply "sudo rm /etc/ssl/certs/DigiNotar_Root_CA.pem" ?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to
As you might have seen at Mozilla's Bugzilla
(https://bugzilla.mozilla.org/show_bug.cgi?id=683449), the current Gecko
fixes block too much, so there will soon be another update to the
mentioned Gecko products, presumably requiring action in Ubuntu too.
** Bug watch added: Mozilla Bugzilla #683449
** Branch linked: lp:thunderbird/beta
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
Status in “ca-certificates” package i
Also affects SeaMonkey (https://launchpad.net/ubuntu/+source/seamonkey).
Please update SeaMonkey to version 2.3.2 so that this problem can be
prevented there too. SeaMonkey version 2.3.2 erroneously identifies
itself as version 2.3.1 (see
https://bugzilla.mozilla.org/show_bug.cgi?id=683473). If you
** Branch linked: lp:ubuntu/lucid-security/firefox
** Branch linked: lp:ubuntu/lucid-security/xulrunner-1.9.2
** Branch linked: lp:ubuntu/maverick-security/xulrunner-1.9.2
** Branch linked: lp:ubuntu/maverick-security/firefox
** Branch linked: lp:ubuntu/natty-security/firefox
--
You received
** Changed in: ca-certificates (Ubuntu Maverick)
Importance: Undecided => Medium
** Changed in: ca-certificates (Ubuntu Maverick)
Status: New => In Progress
** Changed in: ca-certificates (Ubuntu Maverick)
Assignee: (unassigned) => Micah Gersten (micahg)
--
You received this bug
** Also affects: ca-certificates (Ubuntu)
Importance: Undecided
Status: New
** Also affects: nss (Ubuntu)
Importance: Undecided
Status: New
** Also affects: qt4-x11 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: ca-certificates (Ubuntu Natty)
Importanc
** Summary changed:
- Fraudulent *.google.com Certificate
+ fraudulent DigiNotar certificate issuance
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent Digi
73 matches
Mail list logo
