Package: ca-certificates
Version: 20130610
Severity: normal

The ca-certificates package ships certificates which are trusted
for either CKA_TRUST_SERVER_AUTH or CKA_TRUST_EMAIL_PROTECTION.

Some of those CA certs are only valid for one or the other, and
bundling them together is problematic.

For example, the Verisign_Class_1_Public_Primary_Certification_Authority.pem
cert is only valid for email, but can be currently used to validate
web server certs.

I'm not quite sure how we can resolve this, besides separating
certs to be used for server validation from the certs to be used for
email validation.

See downstream bug report for more information:

https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1207004


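
One way the per-purpose trust flags named in the report could drive separate bundles, as an added example that is not part of the original report or the ca-certificates package's own code. It assumes the trust data is in the NSS certdata.txt text format; the sample entries, labels and function names are constructed for illustration.

```python
# Constructed sample in NSS certdata.txt style; labels and bytes are made up.
SAMPLE = r'''
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Email-Only Root"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\000\001\002\003
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Dual-Purpose Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Distrusted Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
'''

PURPOSES = {"CKA_TRUST_SERVER_AUTH": "server", "CKA_TRUST_EMAIL_PROTECTION": "email"}

def parse_trust(text):
    """Map each trust object's label to the purposes it is a trusted delegator for."""
    trust, label, is_trust, in_octal = {}, None, False, False
    for line in map(str.strip, text.splitlines()):
        if in_octal:                       # skip octal bytes up to END
            in_octal = line != "END"
            continue
        if line.endswith("MULTILINE_OCTAL"):
            in_octal = True
            continue
        # Pad so blank or short lines unpack to empty fields and match nothing.
        attr, _, value = (line.split(None, 2) + ["", "", ""])[:3]
        if attr == "CKA_CLASS":            # a new object starts here
            label, is_trust = None, value == "CKO_NSS_TRUST"
        elif attr == "CKA_LABEL" and is_trust:
            label = value.strip('"')
            trust[label] = set()
        elif attr in PURPOSES and label and value == "CKT_NSS_TRUSTED_DELEGATOR":
            trust[label].add(PURPOSES[attr])
    return trust

def bundle_for(trust, purpose):
    """Labels that belong in the bundle for one purpose ('server' or 'email')."""
    return sorted(l for l, p in trust.items() if purpose in p)

def email_only(trust):
    """CAs a combined bundle would also accept for TLS, against their trust flags."""
    return sorted(l for l, p in trust.items() if p == {"email"})
```

Running `email_only()` over the real trust data lists the CAs affected by the bundling described in the report.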