desktop-packages team mailing list archive

Thread
Date

[Bug 837557] Re: fraudulent DigiNotar certificate issuance

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Anonymous <837557@xxxxxxxxxxxxxxxxxx>
Date: Thu, 01 Sep 2011 00:04:21 -0000
Reply-to: Bug 837557 <837557@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Also affects SeaMonkey (https://launchpad.net/ubuntu/+source/seamonkey).
Please update SeaMonkey to version 2.3.2 so that this problem can be
prevented there too. SeaMonkey version 2.3.2 erroneously identifies
itself as version 2.3.1 (see
https://bugzilla.mozilla.org/show_bug.cgi?id=683473). If you need to
check that it's really 2.3.2 and not 2.3.1, go to
https://www.diginotar.nl/ or to any other page signed by Diginotar.
Version 2.3.1 will display the page without complaining whereas 2.3.2
will complain that the site is insecure.

** Bug watch added: Mozilla Bugzilla #683473
   https://bugzilla.mozilla.org/show_bug.cgi?id=683473

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557

Title:
  fraudulent DigiNotar certificate issuance

Status in “ca-certificates” package in Ubuntu:
  New
Status in “firefox” package in Ubuntu:
  Fix Released
Status in “nss” package in Ubuntu:
  New
Status in “qt4-x11” package in Ubuntu:
  New
Status in “thunderbird” package in Ubuntu:
  In Progress
Status in “xulrunner-1.9.2” package in Ubuntu:
  Invalid
Status in “ca-certificates” source package in Lucid:
  New
Status in “firefox” source package in Lucid:
  Fix Released
Status in “nss” source package in Lucid:
  New
Status in “qt4-x11” source package in Lucid:
  New
Status in “thunderbird” source package in Lucid:
  In Progress
Status in “xulrunner-1.9.2” source package in Lucid:
  Fix Released
Status in “ca-certificates” source package in Maverick:
  In Progress
Status in “firefox” source package in Maverick:
  Fix Released
Status in “nss” source package in Maverick:
  New
Status in “qt4-x11” source package in Maverick:
  New
Status in “thunderbird” source package in Maverick:
  In Progress
Status in “xulrunner-1.9.2” source package in Maverick:
  Fix Released
Status in “ca-certificates” source package in Natty:
  In Progress
Status in “firefox” source package in Natty:
  Fix Released
Status in “nss” source package in Natty:
  New
Status in “qt4-x11” source package in Natty:
  New
Status in “thunderbird” source package in Natty:
  In Progress
Status in “xulrunner-1.9.2” source package in Natty:
  Triaged
Status in “ca-certificates” source package in Oneiric:
  New
Status in “firefox” source package in Oneiric:
  Fix Released
Status in “nss” source package in Oneiric:
  New
Status in “qt4-x11” source package in Oneiric:
  New
Status in “thunderbird” source package in Oneiric:
  In Progress
Status in “xulrunner-1.9.2” source package in Oneiric:
  Invalid

Bug description:
  WORKAROUND (from blog post):
  http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert

  -------------------------------------------------

  http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-
  certificate/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/837557/+subscriptions

References

[Bug 837557] [NEW] Fraudulent *.google.com Certificate
From: Micah Gersten, 2011-08-30