openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #10003
[Bug 1258286] Re: CAcert should not be trusted by default
This bug was fixed in the package nss - 2:3.15.4-0ubuntu0.13.10.2
---------------
nss (2:3.15.4-0ubuntu0.13.10.2) saucy-security; urgency=medium
* SECURITY UPDATE: incorrect IDNA wildcard handling
- debian/patches/CVE-2014-1492.patch: conform to RFC 6125 in
nss/lib/certdb/certdb.c.
- CVE-2014-1492
* No longer ship cacert.org certificates. (LP: #1258286)
- removed debian/patches/95_add_spi+cacert_ca_certs.patch
- added debian/patches/95_add_spi_certs.patch
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Wed, 02 Apr 2014 10:19:23 -0400
** Changed in: nss (Ubuntu Saucy)
Status: New => Fix Released
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/1258286
Title:
CAcert should not be trusted by default
Status in “ca-certificates” package in Ubuntu:
Fix Released
Status in “ca-certificates-java” package in Ubuntu:
Fix Released
Status in “nss” package in Ubuntu:
Fix Released
Status in “ca-certificates” source package in Lucid:
Fix Released
Status in “ca-certificates-java” source package in Lucid:
New
Status in “nss” source package in Lucid:
New
Status in “ca-certificates” source package in Precise:
Fix Released
Status in “ca-certificates-java” source package in Precise:
New
Status in “nss” source package in Precise:
Fix Released
Status in “ca-certificates” source package in Quantal:
Fix Released
Status in “ca-certificates-java” source package in Quantal:
New
Status in “nss” source package in Quantal:
Fix Released
Status in “ca-certificates” source package in Saucy:
Fix Released
Status in “ca-certificates-java” source package in Saucy:
New
Status in “nss” source package in Saucy:
Fix Released
Status in “ca-certificates” source package in Trusty:
Fix Released
Status in “ca-certificates-java” source package in Trusty:
Fix Released
Status in “nss” source package in Trusty:
Fix Released
Status in “ca-certificates” package in Debian:
Fix Released
Status in “ca-certificates-java” package in Debian:
Fix Released
Bug description:
Ubuntu is one of the few distributions shipping CAcert as a trusted
certificate. Many distributions are considering[1] whether to remove
CAcert, and Mozilla closed the RFE[2] for CAcert in 2008, which was
opened in 2003.
Concerns were expressed about CAcert's code quality[3], and their
audit appears to be stalled.
In the past, it appears that Ubuntu disabled[4] CAcert, but this is no
longer the case. It may be wise to do so again.
[1]:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434#50
[2]: https://bugzilla.mozilla.org/show_bug.cgi?id=215243
[3]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434#45
[4]: http://wiki.cacert.org/InclusionStatus?highlight=Ubuntu
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1258286/+subscriptions