diff options
author | Antoine Beaupré <anarcat@debian.org> | 2017-07-06 13:16:23 -0400 |
---|---|---|
committer | Antoine Beaupré <anarcat@debian.org> | 2017-07-06 13:16:23 -0400 |
commit | c5f9e62eb3a307ccb3d581dba7c38d19b6a5ba87 (patch) | |
tree | 1619921992564f893c31a96c49df6abce13af496 | |
parent | e401d38f830c46759d05737482bcd799ed1e5707 (diff) | |
download | ca-certificates-c5f9e62eb3a307ccb3d581dba7c38d19b6a5ba87.tar.gz |
merge in NMU for #858539debian/20161130+nmu1
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | mozilla/blacklist.txt | 16 |
2 files changed, 24 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 3572b35..9d8b446 100644 --- a/debian/changelog +++ b/debian/changelog @@ -30,6 +30,14 @@ ca-certificates (20170123) UNRELEASED; urgency=medium -- Michael Shuler <michael@pbandjelly.org> Mon, 23 Jan 2017 16:57:18 -0600 +ca-certificates (20161130+nmu1) unstable; urgency=medium + + * Non-maintainer upload. + * Add StartCom and WoSign certificates to mozilla/blacklist.txt as they are + now untrusted by the major browser vendors. Closes: #858539 + + -- Chris Lamb <lamby@debian.org> Fri, 19 May 2017 16:53:16 +0200 + ca-certificates (20161130) unstable; urgency=medium [ Philipp Kern ] diff --git a/mozilla/blacklist.txt b/mozilla/blacklist.txt index 911f9f1..6ea1732 100644 --- a/mozilla/blacklist.txt +++ b/mozilla/blacklist.txt @@ -5,3 +5,19 @@ # DigiNotar Root CA (see debbug#639744) "DigiNotar Root CA" + +# StartCom and WoSign certificates are now untrusted by the major browser +# vendors[0]. See [1] for discussion. The list was generated by: +# +# $ egrep 'WoSign|StartCom' mozilla/certdata.txt \ +# | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq +# +# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ +# [1] https://bugs.debian.org/858539 +# +"StartCom Certification Authority" +"StartCom Certification Authority G2" +"WoSign" +"WoSign China" +"Certification Authority of WoSign G2" +"CA WoSign ECC Root" |