Bug#927879: ca-certificates should not hardcode QuoVadis certificate authorities in /etc/ca-certificates.conf

On Thu, 25 Apr 2019 18:38:04 +0200 Kurt Roeckx wrote: > So far "normal use", we install the list as provided > by Mozilla as the default. > > > Kurt Lol... im guessing Debian security should have spotted this issue before me. I am sorry but it is not very careful to trust and import any

Bug#927879: ca-certificates should not hardcode QuoVadis certificate authorities in /etc/ca-certificates.conf

the correct place to, for instance, > submit concrete evidence on the topic, not the BTS.) > > On 4/24/19 9:47 AM, Soppy bear wrote: > > 1. The configuration file /etc/ca-certificates.conf is hard coding > > potentially > > insecure mozilla/QuoVadis certificate auth

Bug#927879: ca-certificates should not hardcode QuoVadis certificate authorities in /etc/ca-certificates.conf

Package: ca-certificates Version: 20190110 Severity: normal 1. The configuration file /etc/ca-certificates.conf is hard coding potentially insecure mozilla/QuoVadis certificate authorities into the base system. This change might unintentionally affect TLS security in future releases of Debian and