Your message dated Sat, 06 Jun 2020 11:32:26 +0000 with message-id <e1jhx3q-000j0p...@fasolo.debian.org> and subject line Bug#961907: fixed in ca-certificates 20200601~deb9u1 has caused the Debian Bug report #961907, regarding ca-certificates: Remove expired mozilla/AddTrust_External_Root.crt to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 961907: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961907 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ca-certificates Version: 20190110 Severity: important Dear Maintainer, The AddTrust_External_Root.crt certificate has expired, and its continued inclusion in the ca-certificates set is causing GnuTLS-based client applications (and OpenSSL 1.0.x) to barf on a lot of sites. It could probably be argued that this is a bug in GnuTLS rather than ca-certificates, but I don't see the point in keeping an expired certificate here. The problem is confirmed to affect Epiphany and VLC. See also: https://gitlab.com/gnutls/gnutls/-/issues/1008 https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration Best regards, -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, arm64 Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fi_FI.UTF-8), LANGUAGE=fr:en_GB:fi (charmap=UTF-8) (ignored: LC_ALL set to fi_FI.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ca-certificates depends on: ii debconf [debconf-2.0] 1.5.74 ii openssl 1.1.1g-1 ca-certificates recommends no packages. ca-certificates suggests no packages. -- debconf information excluded
--- End Message ---
--- Begin Message ---Source: ca-certificates Source-Version: 20200601~deb9u1 Done: Michael Shuler <mich...@pbandjelly.org> We believe that the bug you reported is fixed in the latest version of ca-certificates, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 961...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Shuler <mich...@pbandjelly.org> (supplier of updated ca-certificates package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 05 Jun 2020 11:52:50 -0500 Source: ca-certificates Binary: ca-certificates ca-certificates-udeb Architecture: source Version: 20200601~deb9u1 Distribution: stretch Urgency: medium Maintainer: Michael Shuler <mich...@pbandjelly.org> Changed-By: Michael Shuler <mich...@pbandjelly.org> Description: ca-certificates - Common CA certificates ca-certificates-udeb - Common CA certificates - udeb (udeb) Closes: 721976 911289 916833 955038 956411 961907 Changes: ca-certificates (20200601~deb9u1) stretch; urgency=medium . * Rebuild for stretch. * Merge changes from 20200601 - d/control * This release updates the Mozilla CA bundle to 2.40, blacklists distrusted Symantec roots, and blacklists expired "AddTrust External Root". Closes: #956411, #955038, #911289, #961907 * Fix permissions on /usr/local/share/ca-certificates when using symlinks. Closes: #916833 * Remove email-only roots from mozilla trust store. Closes: #721976 Checksums-Sha1: d07b156c902860559fcd8a7b15ff32527146d2f1 1855 ca-certificates_20200601~deb9u1.dsc f035e1faac582fa3d7896ac9cc90e26bf554e3f1 245956 ca-certificates_20200601~deb9u1.tar.xz Checksums-Sha256: 81772ce188acf4ef93aface3dc9fc0516fb193d1e7242c23a6e18a002a455302 1855 ca-certificates_20200601~deb9u1.dsc 873a9eb9ec66db1d9bc7c6829ee789fe6b1ba4ed497745df699b35145a3c98cd 245956 ca-certificates_20200601~deb9u1.tar.xz Files: 8038cddc87c85e5fb59a877f7a2965c3 1855 misc optional ca-certificates_20200601~deb9u1.dsc 03cbc91dcc4fe1f2bd8a8ee6b035c6f3 245956 misc optional ca-certificates_20200601~deb9u1.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl7ap3wACgkQiNJCh6LY mLGr5hAAt3neYIqMBwy5MKVycOqUzkeSBg7LncihwJKqkqhZTIZ3JwOjHNIQc9WF 1ccJJXJwY1naiGCCDnJPtfJmOQB26TXZ18CsiWIpvDa5b8wGkMx0g/Tud8FA5s6/ 5bf17DYWytyEmE05sfFJnv6jaRwZ82bRQvdUgfysZYsXPybqhoHrIt5eM7bgMwso vy37c9VpkhuzpWd0VyQdpVOUCfFgEYas4FjzKhadYaULRtwwsGOq56sXeS3OCvGf MQe4hRWaqi5kIfi6ZpaXS6xy0BzZPgvdhxgnaes4X4EHLGNJZwegwBgLGBFcf1Xb EPkaD0zSHa9LlMd3jRJYXK+DRNeOw6u/uTOCfBbihVdKku1vaJqBt11KP3nVepoS 6xwvwwGke08KuNdKnLKRXpZ4SU8Q5xT5b+jHV+Z+InX3yRmvYvC2SKkpkba9a+cb 0lnP1i0p7OGjmYL5JNyoOf2qcAxGE0QTmhpd/f7GxowmYgcVDdkMTar2LpwBiSZc oGWaJ/g3A1dlOith8kMD6KElhJnnbJoVzo7vM87lzvfYmF9KZOWaLABOZfOXgkZR ksYjaSH0P0Wn/UFmkWWtUiyvg6qszYjRi52LdSAAkUc1wfaYAGrsF0O05iUIrTYh uWa8yzv8Gp+6zj4aJq/B8/ywfDpk6sMOr61b7t8yHk1x+6vOzo4= =ihih -----END PGP SIGNATURE-----
--- End Message ---
