Your message dated Sun, 20 Dec 2015 10:06:36 +0000
with message-id <[email protected]>
and subject line Bug#611501: fixed in ca-certificates 20151214
has caused the Debian Bug report #611501,
regarding /usr/local/share/ca-certificates/ group-writable
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
611501: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611501
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ca-certificates
Version: 20090814+nmu2
Severity: important
Tags: security
Hi.
Files in /usr/local/share/ca-certificates/ are installed as system-wide
certificates, thus even affecting root (e.g. if he or the system security
depends on a "secure" /etc/ssl/certs).
This directory is, however, owned by group staff and group-writable, which is
IMHO a reasonably big security problem.
Could you consider changing this (and especially also changing it on already
existing installations)?
Cheers,
Chris.
--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20151214
We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Shuler <[email protected]> (supplier of updated ca-certificates package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 14 Dec 2015 18:51:50 -0600
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20151214
Distribution: unstable
Urgency: medium
Maintainer: Michael Shuler <[email protected]>
Changed-By: Michael Shuler <[email protected]>
Description:
 ca-certificates - Common CA certificates
Closes: 611501 783615 789753 796208
Changes:
 ca-certificates (20151214) unstable; urgency=medium
 .
   * Removed SPI CA. Closes: #796208
   * debian/{compat,control}:
     Updated d/compat to version 9 and updated Build-Depends.
   * debian/postinst:
     Handle /usr/local/share/ca-certificates permissions and ownership on
     upgrade. Closes: #611501
   * mozilla/certdata2pem.py:
     Add Python 3 support to ca-certificates.
     Thanks to Andrew Wilcox and Richard Ipsum for the patch! Closes: #789753
   * sbin/update-ca-certificates:
     Update local certificates directory when calling --fresh.
     Thanks for the patch, Daniel Lutz! Closes: #783615
   * mozilla/{certdata.txt,nssckbi.h}:
     Update Mozilla certificate authority bundle to version 2.6.
     The following certificate authorities were added (+):
     + "CA WoSign ECC Root"
     + "Certification Authority of WoSign G2"
     + "Certinomis - Root CA"
     + "OISTE WISeKey Global Root GB CA"
     + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
     + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
     The following certificate authorities were removed (-):
     - "A-Trust-nQual-03"
     - "Buypass Class 3 CA 1"
     - "ComSign Secured CA"
     - "Digital Signature Trust Co. Global CA 1"
     - "Digital Signature Trust Co. Global CA 3"
     - "SG TRUST SERVICES RACINE"
     - "TC TrustCenter Class 2 CA II"
     - "TC TrustCenter Universal CA I"
     - "TURKTRUST Certificate Services Provider Root 1"
     - "TURKTRUST Certificate Services Provider Root 2"
     - "UTN DATACorp SGC Root CA"
     - "Verisign Class 4 Public Primary Certification Authority - G3"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
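
An audit for the condition reported in #611501, as an added example that is not part of the thread or of the ca-certificates package. It assumes a safe local certificate directory is one where every entry is owned by root and not writable by group or other; the function name `audit_ca_dir` and the output format are hypothetical, and GNU `find` and `stat` are assumed.

```shell
#!/bin/sh
# Added example, not code from ca-certificates: report entries in a local
# CA directory that a non-root account could modify.

# audit_ca_dir DIR [OWNER]
#   OWNER is the expected owner (user name or numeric uid), default root.
#   Prints one line per finding.
#   Returns 0 if clean, 1 if there are findings, 2 if DIR does not exist.
audit_ca_dir() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit_ca_dir: no such directory: $dir" >&2
        return 2
    fi

    findings=$(
        # Group- or world-writable directories and files. Symlinks are
        # skipped because their own mode bits are always 0777.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec stat -c 'WRITABLE %A %U:%G %n' {} +
        # Anything not owned by the expected owner, symlinks included,
        # since the owner of a link can repoint it.
        find "$dir" ! -user "$owner" \
            -exec stat -c 'OWNER %A %U:%G %n' {} +
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when a directory is given on the command line, e.g.
#   sh audit.sh /usr/local/share/ca-certificates
if [ "$#" -gt 0 ]; then
    audit_ca_dir "$@"
fi
```

Symlink targets outside the directory are not followed, so a certificate linked in from elsewhere needs its target checked separately.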