Your message dated Fri, 05 Jun 2020 17:02:08 +0000 with message-id <e1jhfjm-000dlh...@fasolo.debian.org> and subject line Bug#961907: fixed in ca-certificates 20200601~deb10u1 has caused the Debian Bug report #961907, regarding ca-certificates: Remove expired mozilla/AddTrust_External_Root.crt to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 961907: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961907 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ca-certificates Version: 20190110 Severity: important Dear Maintainer, The AddTrust_External_Root.crt certificate has expired, and its continued inclusion in the ca-certificates set is causing GnuTLS-based client applications (and OpenSSL 1.0.x) to barf on a lot of sites. It could probably be argued that this is a bug in GnuTLS rather than ca-certificates, but I don't see the point in keeping an expired certificate here. The problem is confirmed to affect Epiphany and VLC. See also: https://gitlab.com/gnutls/gnutls/-/issues/1008 https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration Best regards, -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, arm64 Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fi_FI.UTF-8), LANGUAGE=fr:en_GB:fi (charmap=UTF-8) (ignored: LC_ALL set to fi_FI.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ca-certificates depends on: ii debconf [debconf-2.0] 1.5.74 ii openssl 1.1.1g-1 ca-certificates recommends no packages. ca-certificates suggests no packages. -- debconf information excluded
--- End Message ---
--- Begin Message ---Source: ca-certificates Source-Version: 20200601~deb10u1 Done: Michael Shuler <mich...@pbandjelly.org> We believe that the bug you reported is fixed in the latest version of ca-certificates, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 961...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Shuler <mich...@pbandjelly.org> (supplier of updated ca-certificates package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 03 Jun 2020 13:09:34 -0500 Source: ca-certificates Architecture: source Version: 20200601~deb10u1 Distribution: buster Urgency: medium Maintainer: Michael Shuler <mich...@pbandjelly.org> Changed-By: Michael Shuler <mich...@pbandjelly.org> Closes: 911289 955038 956411 961907 Changes: ca-certificates (20200601~deb10u1) buster; urgency=medium . * Rebuild for buster. * Merge changes from 20200601 - d/control; set d/gbp.conf branch to debian-buster * This release updates the Mozilla CA bundle to 2.40, blacklists distrusted Symantec roots, and blacklists expired "AddTrust External Root". Closes: #956411, #955038, #911289, #961907 Checksums-Sha1: f020fb7815a9611704021209916abf624692125c 1837 ca-certificates_20200601~deb10u1.dsc 5f56d6d72598aaf0b5818fa629336dd56972314f 245828 ca-certificates_20200601~deb10u1.tar.xz Checksums-Sha256: 41120aa922b9520b73b88ef3fef18b807c7e5b6dd98c9dec51a3841dabe7fcb8 1837 ca-certificates_20200601~deb10u1.dsc 5911c0471fd83141285c56c414be7f6e7176f28dc8d14a3c55f06303b79a92aa 245828 ca-certificates_20200601~deb10u1.tar.xz Files: 446b9d09b73e92b641319ac58a28503d 1837 misc optional ca-certificates_20200601~deb10u1.dsc d31e6fb6f4f22c7ea7300b5022b71123 245828 misc optional ca-certificates_20200601~deb10u1.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl7aAJ0ACgkQiNJCh6LY mLG9zw//XDxRww0+aEwPrUbFOw9AhlPrs0kWRp3L4Zq3uc6+TtavRvf/8XE6JYTq 7woNmWI9Jl/GtukF2NZwXOW/CseAHhYU67epf9pX23tsLLYwjQqmGRtXxvPO90D7 Um3Hqu7HqNs4yJkX+iRZ7ENKiUqYBFrIt+vilIRthnEYmAxJ4QN5qQqnTsnb6MSO kdb096u1oxEg7+iP6fmFpe1RFd00leB/nKX4aR7oyXatgGm1NxoCWmPt/4wfiCd6 jj9abKAF6+bN7RuyoqkNnyhSHZN91R48eruoUXLlMGuC+sQUOwF6ppTfoBBordXJ bvkYf3fnCG6hI5gvpWmO+zw1g7+K/U1S+ldBDf831zmmjhCu7MFX3j7yYmkBr0sK y8H+EjVE88V0DZnyi/RxewuiuBzz0Ovw7aBW65Q4dzrUpG5OEF7Z3XBNJHJoMtVb /KZgEmCzGjJovcneU1ZeLfKbdP7RHse9Fa05XKXlDtpwTEKmXKUwStWK18DMcmlA gXTTF9Na3c4OWoRG+VQ198X4CKFSLd0Ia/LCDeYPc/KZRteRkULesZvKlTEuQMQc 6YAB3114U1KJLt8psY+gld9sGJKR4RllOuJpMaxlyE232tw5clmHvb2CQQGXAcIV EPrK9k0N3SqXdU79dZwQVtYVRPPDNnzu4Kz2mp16Uf4qHQRs1GQ= =rI/V -----END PGP SIGNATURE-----
--- End Message ---
