** Changed in: ca-certificates (Debian)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1913951

Title:
  ca-certificates:  Symantec CA blacklisted for non-TLS uses

Status in ca-certificates package in Ubuntu:
  Fix Released
Status in ca-certificates source package in Groovy:
  Fix Released
Status in ca-certificates source package in Hirsute:
  Fix Released
Status in ca-certificates package in Debian:
  Fix Released

Bug description:
  ~$ lsb_release -rd
  Description:  Ubuntu 20.10
  Release:      20.10
  ~$ apt list --installed | grep ca-certificates

  WARNING: apt does not have a stable CLI interface. Use with caution in
  scripts.

  ca-certificates/groovy-updates,groovy-security,now
  20201027ubuntu0.20.10.1 all [installed,automatic]

  
  Repro steps:

  1.  Open Terminal.
  2.  Execute:

    wget https://dot.net/v1/dotnet-install.sh
    chmod +x ./dotnet-install.sh
    ./dotnet-install.sh -c 5.0
    export DOTNET_ROOT=$HOME/.dotnet
    export PATH=$PATH:$HOME/.dotnet
    dotnet new console
    dotnet add package System.Collections.Immutable

  Expected result:
    Package restore will succeed.

  Actual result:
    Package restore fails with:

    error: NU3028: Package 'System.Collections.Immutable 5.0.0' from
  source 'https://api.nuget.org/v3/index.json': The author primary
  signature's timestamp found a chain building issue: UntrustedRoot:
  self signed certificate in certificate chain

  
  There has been a planned process to distrust Symantec certificates in the
  certificate store over the past two years.  The Debian ca-certificates package
  removed this CA for both TLS (expected) and other uses (like timestamping)
  (unexpected).  Trust was added back in a subsequent update.  See
  https://release.debian.org/proposed-updates/stable.html#ca-certificates_20200601~deb10u2
  for details.

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net