Your message dated Tue, 02 Jun 2020 09:33:46 +0000 with message-id <e1jg3io-000g42...@fasolo.debian.org> and subject line Bug#961907: fixed in ca-certificates 20200601 has caused the Debian Bug report #961907, regarding ca-certificates: Remove expired mozilla/AddTrust_External_Root.crt to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 961907: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961907 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ca-certificates Version: 20190110 Severity: important Dear Maintainer, The AddTrust_External_Root.crt certificate has expired, and its continued inclusion in the ca-certificates set is causing GnuTLS-based client applications (and OpenSSL 1.0.x) to barf on a lot of sites. It could probably be argued that this is a bug in GnuTLS rather than ca-certificates, but I don't see the point in keeping an expired certificate here. The problem is confirmed to affect Epiphany and VLC. See also: https://gitlab.com/gnutls/gnutls/-/issues/1008 https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration Best regards, -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, arm64 Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fi_FI.UTF-8), LANGUAGE=fr:en_GB:fi (charmap=UTF-8) (ignored: LC_ALL set to fi_FI.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ca-certificates depends on: ii debconf [debconf-2.0] 1.5.74 ii openssl 1.1.1g-1 ca-certificates recommends no packages. ca-certificates suggests no packages. -- debconf information excluded
--- End Message ---
--- Begin Message ---Source: ca-certificates Source-Version: 20200601 Done: Michael Shuler <mich...@pbandjelly.org> We believe that the bug you reported is fixed in the latest version of ca-certificates, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 961...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Shuler <mich...@pbandjelly.org> (supplier of updated ca-certificates package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 01 Jun 2020 11:45:49 -0500 Source: ca-certificates Architecture: source Version: 20200601 Distribution: unstable Urgency: medium Maintainer: Michael Shuler <mich...@pbandjelly.org> Changed-By: Michael Shuler <mich...@pbandjelly.org> Closes: 911289 955038 956411 961907 Changes: ca-certificates (20200601) unstable; urgency=medium . * debian/control: Set Standards-Version: 4.5.0.2 Set Build-Depends: debhelper-compat (= 13) * debian/copyright: Replace tabs in license text * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.40. Closes: #956411, #955038 * mozilla/blacklist.txt Add distrusted Symantec CA list to blacklist for explicit removal. Closes: #911289 Blacklist expired root certificate, "AddTrust External Root" Closes: #961907 The following certificate authorities were added (+): + "Certigna Root CA" + "emSign ECC Root CA - C3" + "emSign ECC Root CA - G3" + "emSign Root CA - C1" + "emSign Root CA - G1" + "Entrust Root Certification Authority - G4" + "GTS Root R1" + "GTS Root R2" + "GTS Root R3" + "GTS Root R4" + "Hongkong Post Root CA 3" + "UCA Extended Validation Root" + "UCA Global G2 Root" The following certificate authorities were removed (-): - "AddTrust External Root" - "Certinomis - Root CA" - "Certplus Class 2 Primary CA" - "Deutsche Telekom Root CA 2" - "GeoTrust Global CA" - "GeoTrust Primary Certification Authority" - "GeoTrust Primary Certification Authority - G2" - "GeoTrust Primary Certification Authority - G3" - "GeoTrust Universal CA" - "thawte Primary Root CA" - "thawte Primary Root CA - G2" - "thawte Primary Root CA - G3" - "VeriSign Class 3 Public Primary Certification Authority - G4" - "VeriSign Class 3 Public Primary Certification Authority - G5" - "VeriSign Universal Root Certification Authority" Checksums-Sha1: a50340689426d06821d0200f76b674f81c27e703 1582 ca-certificates_20200601.dsc f17235bc9c3aec538065a655681815c242a6d7d5 245668 ca-certificates_20200601.tar.xz Checksums-Sha256: 4c18f8be89824bc7e4c51895e513b0d8b748ea84e8190571aa4126ad9dcdd1fe 1582 ca-certificates_20200601.dsc 43766d5a436519503dfd65ab83488ae33ab4d4ca3d0993797b58c92eb9ed4e63 245668 ca-certificates_20200601.tar.xz Files: 47c286787c4b1c5881721370eec53369 1582 misc optional ca-certificates_20200601.dsc 9b37bd1bc002d9f041c0a811667cb65a 245668 misc optional ca-certificates_20200601.tar.xz -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAl7WGXIACgkQXkCM2RzY OdIAgwf/STormWX7W2/whWSdJst/GJKJYqNTMihwKWQ9Hh3MXaZtvmFnLQS5CJ3M S0nizUZJ002glsUJoJCtKLcsM2Zs1TFFq10cl6ibpMzHcxGLR3QFfzOdwdPiN1YM 2zRxuVabcs8QLYqpxgZ1ZC34IgfwkHVNbYEyKu6IvWLYDI8fA8txJOcrBI1O679m t+0VToEsSxmKkLPqr0kNZwVE8i1QbvjIqLysUDrcXLxUAOcEQpgJ5nCPKxGAaxjN mqNNjIslp0znuRC6/iFOUSkAxkeUN07fu+qmm/NIO9B0+OHqLFi/hINC9oCiEQxD RA3BliNRYLdKzjKQEHhBPjAW9xZ5pw== =KDkw -----END PGP SIGNATURE-----
--- End Message ---
