[conspire] Ubuntu blacklisting DigiNotar

Edward Mokurai Cherlin mokurai at sugarlabs.org
Tue Sep 13 16:14:00 PDT 2011

Patches received yesterday for Common CA certificates

Version 20090814+nmu2ubuntu0.1:

  * SECURITY UPDATE: Blacklist "DigiNotar Root CA" due to fraudulent
    certificate issuance (LP: #837557)
    - update mozilla/blacklist.txt

and Network Security Service libraries

Version 3.12.9+ckbi-1.82-0ubuntu2.1:

  * SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
    3.12.9 to remove the DigiNotar certificates and actively distrust them;
    Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
    - mozilla/security/nss/lib/ckfw/builtins/certdata.*:
      Explicitely distrust various DigiNotar CAs:
      - DigiNotar Root CA
      - DigiNotar Services 1024 CA
      - DigiNotar Cyber CA
      - DigiNotar Cyber CA 2nd
      - DigiNotar PKIoverheid
      - DigiNotar PKIoverheid G2
    - mozilla/security/nss/lib/ckfw/builtins/certdata.*:
      Remove DigiNotar Root CA.

I still expect more shoes to drop.

Edward Mokurai (默雷/धर्ममेघशब्दगर्ज/دھرممیگھشبدگر ج) Cherlin
Silent Thunder is my name, and Children are my nation.
The Cosmos is my dwelling place, the Truth my destination.

More information about the conspire mailing list