From 1efe81a680eedb94111716c8825290a0cde509af Mon Sep 17 00:00:00 2001 From: Michael Shuler Date: Mon, 1 Jun 2020 13:53:02 -0500 Subject: Set release 20200601; add Symantec CAs to blacklist --- debian/changelog | 20 +++++++++++++++++--- mozilla/blacklist.txt | 22 ++++++++++++++++++++++ 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index e6647ed..03b3bba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,10 @@ -ca-certificates (20200118) UNRELEASED; urgency=medium +ca-certificates (20200601) unstable; urgency=medium * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.40. + Closes: #956411, #955038 + * Add distrusted Symantec CA list to blacklist for explicit removal. + Closes: #911289 The following certificate authorities were added (+): + "Certigna Root CA" + "emSign ECC Root CA - C3" @@ -20,8 +23,19 @@ ca-certificates (20200118) UNRELEASED; urgency=medium - "Certinomis - Root CA" - "Certplus Class 2 Primary CA" - "Deutsche Telekom Root CA 2" - - -- Michael Shuler Sat, 18 Jan 2020 09:38:06 -0600 + - "GeoTrust Global CA" + - "GeoTrust Primary Certification Authority" + - "GeoTrust Primary Certification Authority - G2" + - "GeoTrust Primary Certification Authority - G3" + - "GeoTrust Universal CA" + - "thawte Primary Root CA" + - "thawte Primary Root CA - G2" + - "thawte Primary Root CA - G3" + - "VeriSign Class 3 Public Primary Certification Authority - G4" + - "VeriSign Class 3 Public Primary Certification Authority - G5" + - "VeriSign Universal Root Certification Authority" + + -- Michael Shuler Mon, 01 Jun 2020 11:45:49 -0500 ca-certificates (20190110) unstable; urgency=high diff --git a/mozilla/blacklist.txt b/mozilla/blacklist.txt index 37f515c..8914d97 100644 --- a/mozilla/blacklist.txt +++ b/mozilla/blacklist.txt 
@@ -11,3 +11,25 @@
 "TURKTRUST Mis-issued Intermediate CA 1"
 "TURKTRUST Mis-issued Intermediate CA 2"
+# Distrusted Symantec Root CAs:
+"GeoTrust Global CA"
+"GeoTrust Primary Certification Authority"
+"GeoTrust Primary Certification Authority - G2"
+"GeoTrust Primary Certification Authority - G3"
+"GeoTrust Universal CA"
+"Thawte Premium Server CA"
+"thawte Primary Root CA"
+"thawte Primary Root CA - G2"
+"thawte Primary Root CA - G3"
+"Symantec Class 1 Public Primary Certification Authority - G4"
+"Symantec Class 1 Public Primary Certification Authority - G6"
+"Symantec Class 2 Public Primary Certification Authority - G4"
+"Symantec Class 2 Public Primary Certification Authority - G6"
+"Symantec Class 3 Public Primary Certification Authority - G4"
+"Symantec Class 3 Public Primary Certification Authority - G6"
+"VeriSign Class 1 Public Primary Certification Authority - G3"
+"VeriSign Class 2 Public Primary Certification Authority - G3"
+"VeriSign Class 3 Public Primary Certification Authority - G3"
+"VeriSign Class 3 Public Primary Certification Authority - G4"
+"VeriSign Class 3 Public Primary Certification Authority - G5"
+"VeriSign Universal Root Certification Authority"
-- cgit v1.2.1
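Review bot: The new `# Distrusted Symantec Root CAs:` comment gives no source for the list, and ten of the 21 names added under it ("Thawte Premium Server CA", the six Symantec Class 1/2/3 G4/G6 roots and the three VeriSign G3 roots) do not appear in the removed-CA list that the same commit writes to debian/changelog. If blacklist entries are matched by exact certdata.txt label, which this hunk does not show, a name that matches nothing is silently a no-op, so each entry should be checked against the 2.40 bundle, including case (`Thawte` next to `thawte`). I would extend the comment to something like `# Distrusted Symantec Root CAs (Debian bug #911289); labels must match certdata.txt exactly`. Removing a root from the bundle outright is also coarser than any partial or date-based distrust the upstream bundle may carry, so it is worth confirming before release that no chain still expected to validate anchors at one of these roots.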