20161130+nmu1 (patches unapplied)

Imported using git-ubuntu import.
* Non-maintainer upload. * Add StartCom and WoSign certificates to mozilla/blacklist.txt as they are now untrusted by the major browser vendors. Closes: #858539
2025-04-13 09:38:26 +00:00 · 2017-05-19 16:53:16 +02:00 · 2017-05-19 16:53:16 +02:00 · 0a3d07219f · 2020-07-14 23:31:49 +00:00
commit 0a3d07219f
parent ecb7826d4f
2 changed files with 24 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,11 @@
+ca-certificates (20161130+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add StartCom and WoSign certificates to mozilla/blacklist.txt as they are
+    now untrusted by the major browser vendors. Closes: #858539
+
+ -- Chris Lamb <lamby@debian.org>  Fri, 19 May 2017 16:53:16 +0200
+
 ca-certificates (20161130) unstable; urgency=medium

  [ Philipp Kern ]
--- a/mozilla/blacklist.txt
+++ b/mozilla/blacklist.txt
@ -5,3 +5,19 @@

 # DigiNotar Root CA (see debbug#639744)
 "DigiNotar Root CA"
+
+# StartCom and WoSign certificates are now untrusted by the major browser
+# vendors[0]. See [1] for discussion. The list was generated by:
+#
+#   $ egrep 'WoSign|StartCom' mozilla/certdata.txt \
+#         | grep UTF | sed 's/CKA_LABEL UTF8 //' | uniq
+#
+# [0] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
+# [1] https://bugs.debian.org/858539
+#
+"StartCom Certification Authority"
+"StartCom Certification Authority G2"
+"WoSign"
+"WoSign China"
+"Certification Authority of WoSign G2"
+"CA WoSign ECC Root"