lp:~mozillateam/nss/nss.lucid
- Get this branch:
- bzr branch lp:~mozillateam/nss/nss.lucid
Branch merges
Related source package recipes
Related bugs
| Bug #741729: Blacklist fraudulent UTN-USERFirst-Hardware certificates | Undecided | Fix Released |
|
| Bug #837557: fraudulent DigiNotar certificate issuance | Medium | Fix Released |
|
Related blueprints
Branch information
Recent revisions
- 117. By Micah Gersten
-
* SECURITY UPDATE: Add patch from Debian version 3.12.11-3 rebased against
3.12.9 to remove the DigiNotar certificates and actively distrust them;
Thanks to Mike Hommey from Debian for the original patch (LP: #837557)
- mozilla/security/ nss/lib/ ckfw/builtins/ certdata. *:
Explicitely distrust various DigiNotar CAs:
- DigiNotar Root CA
- DigiNotar Services 1024 CA
- DigiNotar Cyber CA
- DigiNotar Cyber CA 2nd
- DigiNotar PKIoverheid
- DigiNotar PKIoverheid G2
- mozilla/security/ nss/lib/ ckfw/builtins/ certdata. *:
Remove DigiNotar Root CA. - 114. By Micah Gersten
-
* New upstream release v3.12.9 with updated ckbi module
(NSS_3_12_9_ WITH_CKBI_ 1_82_RTM)
- SECURITY UPDATE: Update "builtin certificates" module (ckbi) to
explicitly mark the recently issued and revoked fraudulent certificates
as explicitly not trusted; NSS will report SEC_ERROR_UNTRUSTED_ CERT when
attempting to verify one of these fraudulent certificates (LP: #741729) - 112. By Chris Coulson
-
* New upstream release v3.12.8 (NSS_3_12_8_RTM)
- Fix browser wildcard certificate validation issue
- Update root certs
- Fix SSL deadlocks
* Refresh patches:
- update debian/patches/ 38_kbsd. patch
- update debian/patches/ 97_SSL_ RENEGOTIATE_ TRANSITIONAL. patch
* Bump minimum nspr version to 4.8.6
- update debian/control
* Add new API to symbols file
- update debian/libnss3- 1d.symbols
Branch metadata
- Branch format:
- Branch format 6
- Repository format:
- Bazaar pack repository format 1 (needs bzr 0.92)
Mozilla Team
