-ca-certificates (20111022.1) UNRELEASED; urgency=low
+ca-certificates (20111025.1) UNRELEASED; urgency=low
- TODO: set version to release date, unstable, and delete this line
+ * Blacklist "Bogus *" and "Explicitly Distrust DigiNotar *" certificates.
+ * Clarify CA audit note in README.debian. Thanks to C.J. Adams-Collier for
+ the patch. Closes: #594383
+ * Remove French Government IGC/A CA certificates. The RSA certificate is
+ included in the Mozilla bundle and the DSA certificate is not in use.
+ Closes: #646767
+
+ -- Michael Shuler <michael@pbandjelly.org> Fri, 28 Oct 2011 21:15:01 -0500
+
+ca-certificates (20111025) unstable; urgency=low
[ Michael Shuler ]
* Add 3.0 (native) source format
- "IPS Timestamping root"
- "Thawte Personal Freemail CA"
- "Thawte Time Stamping CA"
- *
+ * "Bogus *" CAs above address Comodo MITM 03/11 Closes: #619587
+ * Update CAcert-Class 3-Subroot-certificate Closes: #630232
+
+ [ Steve Langasek ]
+ * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
+ the way before calling c_rehash, so that symlinks don't accidentally get
+ pointed here, breaking openssl certificate verification LP: #854927
+
+ [ Loïc Minier ]
+ * Drop bogus c_rehash on upgrades, which caused issue when
+ ca-certificates.crt was still in place; instead, call
+ update-ca-certificates --fresh on upgrades to this version, and
+ the usual update-ca-certificates otherwise Closes: #643667, #537382
- -- Michael Shuler <michael@pbandjelly.org> Sun, 23 Oct 2011 16:56:46 -0500
+ -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
ca-certificates (20111022) unstable; urgency=low