Bug 37885 - Update ca-certificates bundle
Update ca-certificates bundle
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: General
UCS 4.0
Other Linux
: P5 enhancement (vote)
: UCS 4.0-1-errata
Assigned To: Philipp Hahn
Moritz Muehlenhoff
http://metadata.ftp-master.debian.org...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-02-25 20:52 CET by Arvid Requate
Modified: 2016-09-21 18:10 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-02-25 20:52:21 CET
The ca-certificates bundle shipped with UCS 4.0 is already a bit dated (20130119), maybe we should import and ship the newer version from jessie (20141019 as of now, ubuntu picked that too).
Comment 1 Philipp Hahn univentionstaff 2015-03-13 12:42:28 CET
$ repo_admin.py -U -p ca-certificates -d sid -r 4.0-0-0 -s errata4.0-1
 ca-certificates 20141019

Package: ca-certificates
Version: 20141019.13.201503131231
Branch: ucs_4.0-0
Scope: errata4.0-1

r58949 | Bug #37885 CA: Update SSL certificate bundle YAML
 2015-03-13-ca-certificates.yaml


See <http://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20141019_changelog> for a complete list of updates certificates.
Comment 2 Moritz Muehlenhoff univentionstaff 2015-03-23 14:58:40 CET
As discussed; this update removes the cacert.org certificate (Debian #718434), which we shouldn't remove in an erratum.
Comment 3 Philipp Hahn univentionstaff 2015-03-23 16:00:47 CET
r14514 | Re-added cacert.org

Package: ca-certificates
Version: 20141019.14.201503231550
Branch: ucs_4.0-0
Scope: errata4.0-1

r59327 | Bug #37885 CA: Update SSL certificate bundle YAML
 2015-03-13-ca-certificates.yaml

QA:
wget -O/dev/null --ca-certificate /etc/ssl/certs/ca-certificates.crt https://www.cacert.org/
wget -O/dev/null --ca-certificate /usr/share/ca-certificates/cacert.org/cacert.org.crt https://www.cacert.org/
Comment 4 Moritz Muehlenhoff univentionstaff 2015-03-25 07:53:05 CET
Looks good, all tests passed. YAML file ok.
Comment 5 Janek Walkenhorst univentionstaff 2015-03-25 16:37:44 CET
<http://errata.univention.de/ucs/4.0/121.html>