Nora Blob: those are blacklist entries. See details at
https://security.stackexchange.com/questions/174474/why-is-diginotar-ca-
still-in-my-mozilla-firefox.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hello Oliver Tilloy,
can you verify this issue?
Best regrads
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about
Hello Oliver Tilloy,
I can reproduce this issue in
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 18.04.1 LTS
Release:18.04
Codename: bionic
I created a new profile with firefox -p --new-instance, and get the
certificates in the new profile with the new
Nora Blob, Ubuntu 17.10 is EOL and not supported any longer. Is the
issue present in a supported release of Ubuntu (14.04, 16.04, 18.04,
18.10) or in the current development version (19.04) ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Attachment added: "certs.tar.bz2.gpg"
https://bugs.launchpad.net/ubuntu/+source/seamonkey/+bug/837557/+attachment/5215892/+files/certs.tar.bz2.gpg
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Attachment added: "certs.tar.bz2"
https://bugs.launchpad.net/ubuntu/+source/seamonkey/+bug/837557/+attachment/5215891/+files/certs.tar.bz2
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
Hello I observed this issue in:
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 17.10
Release:17.10
Codename: artful
I also observed it in a local build from the gentoo repositories. I
attached the certs and will open issues at gentoo and mozilla.
--
** Changed in: ca-certificates (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar
** Changed in: ca-certificates (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate
** Branch unlinked: lp:~mozillateam/firefox/firefox.head
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications
** Branch unlinked: lp:~mozillateam/firefox/firefox.head
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about this
** Changed in: seamonkey (Ubuntu Lucid)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To
This bug was fixed in the package xulrunner-1.9.2 - 1.9.2.27+build1
+nobinonly-0ubuntu0.11.04.1
---
xulrunner-1.9.2 (1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1) natty-security;
urgency=low
* SECURITY UPDATE: New upstream release v1.9.2.27 (FIREFOX_3_6_27_BUILD1)
See the
** Branch linked: lp:ubuntu/natty-security/xulrunner-1.9.2
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications
Fixed in 14.0.835.202~r103287-0ubuntu0.11.04.1
** Changed in: chromium-browser (Ubuntu Natty)
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
** Changed in: chromium-browser (Ubuntu Lucid)
Status: Confirmed = Fix Committed
** Changed in: chromium-browser (Ubuntu Maverick)
Status: Confirmed = Fix Committed
** Changed in: chromium-browser (Ubuntu Natty)
Status: Confirmed = Fix Committed
--
You received this bug
Fixed in 14.0.835.202~r103287-0ubuntu0.10.04.2
** Changed in: chromium-browser (Ubuntu Lucid)
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
Fixed in 14.0.835.202~r103287-0ubuntu0.10.10.1
** Changed in: chromium-browser (Ubuntu Maverick)
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
Fixed with the recent update to Chromium 14.
** Changed in: chromium-browser (Ubuntu Oneiric)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
This bug was fixed in the package qt4-x11 - 4:4.6.2-0ubuntu5.3
---
qt4-x11 (4:4.6.2-0ubuntu5.3) lucid-security; urgency=low
* SECURITY UPDATE: Blacklist Diginotar root and intermediate certificates;
Fraudulent certificates were mis-issued that could allow an attacker to
This bug was fixed in the package qt4-x11 - 4:4.7.0-0ubuntu4.4
---
qt4-x11 (4:4.7.0-0ubuntu4.4) maverick-security; urgency=low
* SECURITY UPDATE: Blacklist Diginotar root and intermediate certificates;
Fraudulent certificates were mis-issued that could allow an attacker to
This bug was fixed in the package qt4-x11 - 4:4.7.2-0ubuntu6.3
---
qt4-x11 (4:4.7.2-0ubuntu6.3) natty-security; urgency=low
* SECURITY UPDATE: Blacklist Diginotar root and intermediate certificates;
Fraudulent certificates were mis-issued that could allow an attacker to
** Branch linked: lp:ubuntu/lucid-security/qt4-x11
** Branch linked: lp:ubuntu/maverick-security/qt4-x11
** Branch linked: lp:ubuntu/natty-security/qt4-x11
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Branch linked: lp:firefox/stable
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about this bug go to:
** Branch linked: lp:thunderbird/stable
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about this bug go
** Changed in: ca-certificates (Debian)
Importance: Unknown = Undecided
** Changed in: ca-certificates (Debian)
Status: Fix Released = New
** Changed in: ca-certificates (Debian)
Remote watch: Debian Bug tracker #639744 = None
--
You received this bug notification because you are a
Please don't change bug watches without a comment.
** Changed in: ca-certificates (Debian)
Importance: Undecided = Unknown
** Changed in: ca-certificates (Debian)
Status: New = Unknown
** Changed in: ca-certificates (Debian)
Remote watch: None = Debian Bug tracker #639744
--
You
** Changed in: ca-certificates (Debian)
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To
This bug was fixed in the package qt4-x11 - 4:4.7.4-0ubuntu1
---
qt4-x11 (4:4.7.4-0ubuntu1) oneiric; urgency=low
* New upstream release (LP: #839557, #785318)
* debian/patches/Add_support_for_QT_USE_DRAG_DISTANCE_env_var.patch,
debian/patches/a11y_qt_and_qml_backport.diff,
** Branch linked: lp:ubuntu/qt4-x11
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about this bug go to:
This bug was fixed in the package nss - 3.12.9+ckbi-1.82-0ubuntu5
---
nss (3.12.9+ckbi-1.82-0ubuntu5) oneiric; urgency=low
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively distrust them;
** Branch linked: lp:ubuntu/nss
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about this bug go to:
Lucid, Maverick, and Natty builds of qt4-x11 will be available in
ubuntu-security-proposed in several hours for anyone who is interested
** Changed in: nss (Ubuntu Oneiric)
Assignee: (unassigned) = Micah Gersten (micahg)
** Changed in: qt4-x11 (Ubuntu Maverick)
Status: In Progress =
While Lucid doesn't have the DigiNotar root CA, we can still blacklist
like we did for Comodo.
** Changed in: qt4-x11 (Ubuntu Lucid)
Status: Confirmed = Fix Committed
** Changed in: qt4-x11 (Ubuntu Lucid)
Assignee: (unassigned) = Micah Gersten (micahg)
--
You received this bug
Hi,
For the very old Seamonkey 2.0 : http://support.mozilla.com/fr/kb
/supprimer-certificat-diginotar-ca
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar
** Branch linked: lp:~kubuntu-packagers/kubuntu-packaging/qt
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage
This bug was fixed in the package nss -
3.12.9+ckbi-1.82-0ubuntu0.10.04.3
---
nss (3.12.9+ckbi-1.82-0ubuntu0.10.04.3) lucid-security; urgency=low
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively
This bug was fixed in the package nss -
3.12.9+ckbi-1.82-0ubuntu0.10.10.3
---
nss (3.12.9+ckbi-1.82-0ubuntu0.10.10.3) maverick-security; urgency=low
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and
This bug was fixed in the package nss - 3.12.9+ckbi-1.82-0ubuntu2.1
---
nss (3.12.9+ckbi-1.82-0ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively distrust
** Branch linked: lp:ubuntu/natty-security/nss
** Branch linked: lp:ubuntu/lucid-security/nss
** Branch linked: lp:ubuntu/maverick-security/nss
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
This bug was fixed in the package ca-certificates -
20090814ubuntu0.10.04.1
---
ca-certificates (20090814ubuntu0.10.04.1) lucid-security; urgency=low
* SECURITY UPDATE: Blacklist DigiNotar Root CA due to fraudulent
certificate issuance (LP: #837557)
- update
This bug was fixed in the package ca-certificates -
20090814+nmu2ubuntu0.1
---
ca-certificates (20090814+nmu2ubuntu0.1) natty-security; urgency=low
* SECURITY UPDATE: Blacklist DigiNotar Root CA due to fraudulent
certificate issuance (LP: #837557)
- update
This bug was fixed in the package ca-certificates -
20090814ubuntu0.10.10.1
---
ca-certificates (20090814ubuntu0.10.10.1) maverick-security; urgency=low
* SECURITY UPDATE: Blacklist DigiNotar Root CA due to fraudulent
certificate issuance (LP: #837557)
- update
** Branch linked: lp:ubuntu/lucid-security/ca-certificates
** Branch linked: lp:ubuntu/natty-security/ca-certificates
** Branch linked: lp:ubuntu/maverick-security/ca-certificates
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Branch linked: lp:~mozillateam/nss/nss.lucid
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about this
** Branch linked: lp:~mozillateam/nss/nss.maverick
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about
** Branch linked: lp:~mozillateam/nss/nss.natty
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about this
Just found out Qt 4.7 has a blacklist patch, so reopening tasks fro
maverick/natty/oneiric
** Changed in: qt4-x11 (Ubuntu Maverick)
Importance: Undecided = Medium
** Changed in: qt4-x11 (Ubuntu Maverick)
Status: Invalid = In Progress
** Changed in: qt4-x11 (Ubuntu Maverick)
Didier,
I was told you're doing a qt4-x11 upload, can you include the blacklist patch
from the blog post in the Description of this bug?
** Changed in: qt4-x11 (Ubuntu Oneiric)
Assignee: (unassigned) = Didier Roche (didrocks)
--
You received this bug notification because you are a member
This bug was fixed in the package thunderbird - 7.0~b2+build2+nobinonly-
0ubuntu1
---
thunderbird (7.0~b2+build2+nobinonly-0ubuntu1) oneiric; urgency=low
* New upstream release from the beta channel (THUNDERBIRD_7_0b2_BUILD2)
- LP: #837557 and LP: #838322
* Update
** Branch linked: lp:ubuntu/thunderbird
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about this bug go
** Branch linked: lp:ubuntu/lucid-security/thunderbird
** Branch linked: lp:ubuntu/maverick-security/thunderbird
** Branch linked: lp:ubuntu/natty-security/thunderbird
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
** Description changed:
- NOTE: The Firefox update causes a regression for certain Dutch sites
- which is being tracked in Bug #838322.
+ NOTE: The Firefox update causes a regression for certain Dutch sites which is
being tracked in Bug #838322.
+ NOTE #2: The current update for Thunderbird
regarding the Qt bundle: I cannot find the DigiNotar root cert in there, the
bundle is really old apparently.
(did:
cd src/network/ssl
csplit -s qt-ca-bundle.crt '/^$/' {*}
for i in $(ls ./xx*); do echo $i; openssl x509 -text -noout -in $i; done|grep
-i 'subject:'|grep -i diginotar
... does not
** Branch linked: lp:thunderbird/beta
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To manage notifications about this bug go
As you might have seen at Mozilla's Bugzilla
(https://bugzilla.mozilla.org/show_bug.cgi?id=683449), the current Gecko
fixes block too much, so there will soon be another update to the
mentioned Gecko products, presumably requiring action in Ubuntu too.
** Bug watch added: Mozilla Bugzilla #683449
The proposed workaround is only for Firefox.
What about other applications that may access Google services on a Ubuntu
system?
Can we simply sudo rm /etc/ssl/certs/DigiNotar_Root_CA.pem ?
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to
debian has released ca-certificates version 20110502+nmu1 that fix this
** Bug watch added: Debian Bug tracker #639744
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639744
** Also affects: ca-certificates (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639744
** Changed in: ca-certificates (Debian)
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To
@Olivier Mengué
I am working on updates for NSS and ca-certificates to address this system wide.
@Anonymous
Seamonkey is currently not in a good state, but I will try to get an update for
it eventually. In the mean time, the NSS update should take care of this
security issue for most use
** Changed in: nss (Ubuntu Oneiric)
Assignee: Micah Gersten (micahg) = (unassigned)
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate
** Also affects: seamonkey (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate issuance
To
** Changed in: ca-certificates (Ubuntu Lucid)
Status: In Progress = Fix Committed
** Changed in: ca-certificates (Ubuntu Maverick)
Status: In Progress = Fix Committed
** Changed in: ca-certificates (Ubuntu Natty)
Status: In Progress = Fix Committed
--
You received this bug
** Changed in: nss (Ubuntu Lucid)
Status: Confirmed = In Progress
** Changed in: nss (Ubuntu Maverick)
Status: Confirmed = In Progress
** Changed in: nss (Ubuntu Natty)
Status: Confirmed = In Progress
** Changed in: seamonkey (Ubuntu Lucid)
Status: New = Confirmed
** Also affects: chromium-browser (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate
** Changed in: chromium-browser (Ubuntu)
Status: New = Confirmed
** Changed in: chromium-browser (Ubuntu Lucid)
Status: New = Confirmed
** Changed in: chromium-browser (Ubuntu Maverick)
Status: New = Confirmed
** Changed in: chromium-browser (Ubuntu Natty)
Status:
UPDATE:
Unfortunately, the ca-certificates and NSS fixes available at the moment are
only a partial fix that won't actually help very much. I'm currently waiting
on fixes that should address this issue completely. I will be releasing
Thunderbird in a few hours with the same fix that Firefox
This bug was fixed in the package thunderbird - 3.1.13+build1+nobinonly-
0ubuntu0.10.10.1
---
thunderbird (3.1.13+build1+nobinonly-0ubuntu0.10.10.1) maverick-security;
urgency=low
* New upstream release v3.1.13 (THUNDERBIRD_3_1_13_BUILD1)
- Distrust and disable DigiNotar Root
This bug was fixed in the package thunderbird - 3.1.13+build1+nobinonly-
0ubuntu0.11.04.1
---
thunderbird (3.1.13+build1+nobinonly-0ubuntu0.11.04.1) natty-security;
urgency=low
* New upstream release v3.1.13 (THUNDERBIRD_3_1_13_BUILD1)
- Distrust and disable DigiNotar Root CA
This bug was fixed in the package thunderbird - 3.1.13+build1+nobinonly-
0ubuntu0.10.04.1
---
thunderbird (3.1.13+build1+nobinonly-0ubuntu0.10.04.1) lucid-security;
urgency=low
* New upstream release v3.1.13 (THUNDERBIRD_3_1_13_BUILD1)
- Distrust and disable DigiNotar Root CA
** Summary changed:
- Fraudulent *.google.com Certificate
+ fraudulent DigiNotar certificate issuance
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/837557
Title:
fraudulent DigiNotar certificate
** Also affects: ca-certificates (Ubuntu)
Importance: Undecided
Status: New
** Also affects: nss (Ubuntu)
Importance: Undecided
Status: New
** Also affects: qt4-x11 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: ca-certificates (Ubuntu Natty)
** Changed in: ca-certificates (Ubuntu Maverick)
Importance: Undecided = Medium
** Changed in: ca-certificates (Ubuntu Maverick)
Status: New = In Progress
** Changed in: ca-certificates (Ubuntu Maverick)
Assignee: (unassigned) = Micah Gersten (micahg)
--
You received this bug
** Branch linked: lp:ubuntu/lucid-security/firefox
** Branch linked: lp:ubuntu/lucid-security/xulrunner-1.9.2
** Branch linked: lp:ubuntu/maverick-security/xulrunner-1.9.2
** Branch linked: lp:ubuntu/maverick-security/firefox
** Branch linked: lp:ubuntu/natty-security/firefox
--
You received
Also affects SeaMonkey (https://launchpad.net/ubuntu/+source/seamonkey).
Please update SeaMonkey to version 2.3.2 so that this problem can be
prevented there too. SeaMonkey version 2.3.2 erroneously identifies
itself as version 2.3.1 (see
https://bugzilla.mozilla.org/show_bug.cgi?id=683473). If
75 matches
Mail list logo
