← Back to team overview

openjdk team mailing list archive

[Bug 920758] Re: DigiNotar Root CA still present in ca-certificates-java

 

This bug was fixed in the package ca-certificates-java -
20100412ubuntu0.10.10.1

---------------
ca-certificates-java (20100412ubuntu0.10.10.1) maverick-security; urgency=low

  * debian/postinst: forcibly remove diginotar cert. It could be left
    behind under certain circumstances. (LP: #920758)
  * debian/jks-keystore.hook: properly strip .pem extension from aliases.
    Also, look up and remove old incorrect aliases if necessary.
  * debian/control: bump ca-certificates Build-Depends to latest security
    update to make sure we don't bundle old certificates.
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>   Fri, 23 Mar 2012 09:51:16 -0400

** Changed in: ca-certificates-java (Ubuntu Lucid)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/920758

Title:
  DigiNotar Root CA still present in ca-certificates-java

Status in “ca-certificates-java” package in Ubuntu:
  Fix Released
Status in “ca-certificates-java” source package in Lucid:
  Fix Released
Status in “ca-certificates-java” source package in Maverick:
  Fix Released
Status in “ca-certificates-java” source package in Natty:
  Fix Released
Status in “ca-certificates-java” source package in Oneiric:
  Fix Released
Status in “ca-certificates-java” source package in Precise:
  Fix Released

Bug description:
  Description:	Ubuntu 10.04.3 LTS
  Release:	10.04

  ca-certificates-java:
    Installed: 20100406ubuntu1
    Candidate: 20100406ubuntu1

  The DigiNotar root CA should have been globally purged as part of bug
  #837557. It appears to still be present in this package.

  When running the following command:
      keytool -v -list -alias diginotar_root_ca -keystore /usr/share/ca-certificates-java/cacerts

  The following is returned:
      Alias name: diginotar_root_ca
      Creation date: Apr 11, 2010
      Entry type: trustedCertEntry

      Owner: EMAILADDRESS=info@xxxxxxxxxxxx, CN=DigiNotar Root CA, O=DigiNotar, 
      Issuer: EMAILADDRESS=info@xxxxxxxxxxxx, CN=DigiNotar Root CA, O=DigiNotar
      Serial number: c76da9c910c4e2c9efe15d058933c4c
      Valid from: Wed May 16 10:19:36 PDT 2007 until: Mon Mar 31 11:19:21 PDT
      Certificate fingerprints:
         MD5:  7A:79:54:4D:07:92:3B:5B:FF:41:F0:0E:C7:39:A2:98
         SHA1: C0:60:ED:44:CB:D8:81:BD:0E:F8:6C:0B:A2:87:DD:CF:81:67:47:8C
         Signature algorithm name: SHA1withRSA
         Version: 3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/920758/+subscriptions



References