X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=debian%2Fchangelog;h=220510879690bc8e264251eef692a2260f377787;hb=b4e18c985ee73b80f62fe2e5cb45c4d6cebb02e3;hp=ab517b6bba1965cc9d1cc762b413674b3c499330;hpb=e8469775905475f85f81fa96170e91c927722cb5;p=ca-certificates.git diff --git a/debian/changelog b/debian/changelog index ab517b6..2205108 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,80 @@ +ca-certificates (20111025.2) UNRELEASED; urgency=low + + * Blacklist "Bogus *" and "Explicitly Distrust DigiNotar *" certificates. + * Clarify CA audit note in package description and README.debian. Thanks + to C.J. Adams-Collier for the patch. Closes: #594383 + * Remove French Government IGC/A CA certificates. The RSA certificate is + included in the Mozilla bundle and the DSA certificate is not in use. + Closes: #646767 + + -- Michael Shuler Sat, 29 Oct 2011 08:16:09 -0500 + +ca-certificates (20111025) unstable; urgency=low + + [ Michael Shuler ] + * Add 3.0 (native) source format + * Add Vcs-Git/Browser fields + * Add myself as new Maintainer with Uploaders Closes: #588219 + * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13) + Certificates added (+) and removed (-): + + "AffirmTrust Commercial" + + "AffirmTrust Networking" + + "AffirmTrust Premium" + + "AffirmTrust Premium ECC" + + "A-Trust-nQual-03" + + "Bogus Global Trustee" + + "Bogus GMail" + + "Bogus Google" + + "Bogus kuix.de" + + "Bogus live.com" + + "Bogus Mozilla Addons" + + "Bogus Skype" + + "Bogus Yahoo 1" + + "Bogus Yahoo 2" + + "Bogus Yahoo 3" + + "Certinomis - Autorité Racine" + + "Certum Trusted Network CA" + + "Explicitly Distrust DigiNotar Cyber CA" + + "Explicitly Distrust DigiNotar Cyber CA 2nd" + + "Explicitly Distrust DigiNotar Root CA" + + "Explicitly Distrust DigiNotar Services 1024 CA" + + "Explicitly Distrusted DigiNotar PKIoverheid" + + "Explicitly Distrusted DigiNotar PKIoverheid G2" + + "Go Daddy Root Certificate Authority - G2" + + "Root CA Generalitat Valenciana" + + "Starfield Root Certificate Authority - G2" + + "Starfield Services Root Certificate Authority - G2" + + "TWCA Root Certification Authority" + - "AOL Time Warner Root Certification Authority 1" + - "AOL Time Warner Root Certification Authority 2" + - "DigiNotar Root CA" + - "Entrust.net Global Secure Personal CA" + - "Entrust.net Global Secure Server CA" + - "Entrust.net Secure Personal CA" + - "IPS Chained CAs root" + - "IPS CLASE1 root" + - "IPS CLASE3 root" + - "IPS CLASEA1 root" + - "IPS CLASEA3 root" + - "IPS Timestamping root" + - "Thawte Personal Freemail CA" + - "Thawte Time Stamping CA" + * "Bogus *" CAs above address Comodo MITM 03/11 Closes: #619587 + * Update CAcert-Class 3-Subroot-certificate Closes: #630232 + + [ Steve Langasek ] + * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of + the way before calling c_rehash, so that symlinks don't accidentally get + pointed here, breaking openssl certificate verification LP: #854927 + + [ Loïc Minier ] + * Drop bogus c_rehash on upgrades, which caused issue when + ca-certificates.crt was still in place; instead, call + update-ca-certificates --fresh on upgrades to this version, and + the usual update-ca-certificates otherwise Closes: #643667, #537382 + + -- Michael Shuler Tue, 25 Oct 2011 09:12:10 -0500 + ca-certificates (20111022) unstable; urgency=low * QA upload.