← Back to team overview

desktop-packages team mailing list archive

  1. desktop-packages team
  2. Mailing list archive
  3. Message #13072

[Bug 837557] Re: fraudulent DigiNotar certificate issuance

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package nss -
3.12.9+ckbi-1.82-0ubuntu0.10.04.3

---------------
nss (3.12.9+ckbi-1.82-0ubuntu0.10.04.3) lucid-security; urgency=low

  * SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
    3.12.9 to remove the DigiNotar certificates and actively distrust them;
    Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
    - mozilla/security/nss/lib/ckfw/builtins/certdata.*:
      Explicitely distrust various DigiNotar CAs:
      - DigiNotar Root CA
      - DigiNotar Services 1024 CA
      - DigiNotar Cyber CA
      - DigiNotar Cyber CA 2nd
      - DigiNotar PKIoverheid
      - DigiNotar PKIoverheid G2
    - mozilla/security/nss/lib/ckfw/builtins/certdata.*:
      Remove DigiNotar Root CA.
 -- Micah Gersten <micahg@xxxxxxxxxx>   Wed, 07 Sep 2011 14:53:13 -0500

** Changed in: nss (Ubuntu Lucid)
       Status: In Progress => Fix Released

** Changed in: nss (Ubuntu Maverick)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/837557

Title:
  fraudulent DigiNotar certificate issuance

Status in “ca-certificates” package in Ubuntu:
  Fix Released
Status in “chromium-browser” package in Ubuntu:
  Confirmed
Status in “firefox” package in Ubuntu:
  Fix Released
Status in “nss” package in Ubuntu:
  Confirmed
Status in “qt4-x11” package in Ubuntu:
  Triaged
Status in “seamonkey” package in Ubuntu:
  Confirmed
Status in “thunderbird” package in Ubuntu:
  Fix Released
Status in “xulrunner-1.9.2” package in Ubuntu:
  Invalid
Status in “ca-certificates” source package in Lucid:
  Fix Committed
Status in “chromium-browser” source package in Lucid:
  Confirmed
Status in “firefox” source package in Lucid:
  Fix Released
Status in “nss” source package in Lucid:
  Fix Released
Status in “qt4-x11” source package in Lucid:
  Confirmed
Status in “seamonkey” source package in Lucid:
  Confirmed
Status in “thunderbird” source package in Lucid:
  Fix Released
Status in “xulrunner-1.9.2” source package in Lucid:
  Fix Released
Status in “ca-certificates” source package in Maverick:
  Fix Committed
Status in “chromium-browser” source package in Maverick:
  Confirmed
Status in “firefox” source package in Maverick:
  Fix Released
Status in “nss” source package in Maverick:
  Fix Released
Status in “qt4-x11” source package in Maverick:
  In Progress
Status in “seamonkey” source package in Maverick:
  Confirmed
Status in “thunderbird” source package in Maverick:
  Fix Released
Status in “xulrunner-1.9.2” source package in Maverick:
  Fix Released
Status in “ca-certificates” source package in Natty:
  Fix Committed
Status in “chromium-browser” source package in Natty:
  Confirmed
Status in “firefox” source package in Natty:
  Fix Released
Status in “nss” source package in Natty:
  Fix Released
Status in “qt4-x11” source package in Natty:
  In Progress
Status in “seamonkey” source package in Natty:
  Confirmed
Status in “thunderbird” source package in Natty:
  Fix Released
Status in “xulrunner-1.9.2” source package in Natty:
  Triaged
Status in “ca-certificates” source package in Oneiric:
  Fix Released
Status in “chromium-browser” source package in Oneiric:
  Confirmed
Status in “firefox” source package in Oneiric:
  Fix Released
Status in “nss” source package in Oneiric:
  Confirmed
Status in “qt4-x11” source package in Oneiric:
  Triaged
Status in “seamonkey” source package in Oneiric:
  Confirmed
Status in “thunderbird” source package in Oneiric:
  Fix Released
Status in “xulrunner-1.9.2” source package in Oneiric:
  Invalid
Status in “ca-certificates” package in Debian:
  Fix Released

Bug description:
  USN Information: This is being tracked in USN-1197-*

  NOTE: The Firefox update causes a regression for certain Dutch sites which is being tracked in Bug #838322.
  NOTE #2: The current update for Thunderbird still shows the DigiNotar Root CA as trusted in the certificate manager.  This is due to Thunderbird using the system version of NSS. In this initial update, Thunderbird will actively distrust any certificate signed by the DigiNotar Root CA.  Future updates will properly show the root CA as distrusted in the certificate manager.

  WORKAROUND (from blog post):
  http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert

  -------------------------------------------------

  http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-
  certificate/

  Qt 4.7 blog post: http://labs.qt.nokia.com/2011/09/07/what-the-
  diginotar-security-breach-means-for-qt-users-continued/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/837557/+subscriptions

References

  Thread PreviousDate PreviousThread Next