[Security] Heads up - mozilla ca certs

[NoOp]

On 08/31/2011 02:37 PM, Jordon Bedwell wrote:
> On 08/31/2011 03:53 PM, Ric Moore wrote:
>> Thanks for the heads up, I had that one in my certs. I deleted it. I
>> happened to look at all the rest, The country of Japan?? There's a bunch
>> that I have no clue where they came from... this is just stuff I just
>> trusted and I didn't bother to go looking for fraudulent certs. I'm
>> assuming the upgrade will show up in synaptic. Thanks again, Ric
> 
> You can also switch to the mozillateam ppa which was updated early this
> morning before Debian issued it's DSA for iceweasal.  I don't assume it
> will be very long before Ubuntu gets it out though since it already hit
> the PPA.
> 
> 

Mozilla SeaMonkey Linux versions are borked (both 32bit and 64bit). Both
report 2.3.1. But *worse* is that they reenstate DigiNotar Root CA.
Tested both ways:

1. 32bit linux deleted DigiNotar Root CA and then did the update via
Help|Check for Updates. DigiNotar Root CA is now back.
Build identifier: Mozilla/5.0 (X11; Linux i686; rv:6.0.1) Gecko/20110830
Firefox/6.0.1 SeaMonkey/2.3.1

2. 64bit linux deleted DigiNotar Root CA and then did the update via
Help|Check for Updates. DigiNotar Root CA is now back. So I downloaded
the entire bz2, deleted the old, and extracted to a new folder;
DigiNotar Root CA is now back on that version as well.
Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.1)
Gecko/20110830 Firefox/6.0.1 SeaMonkey/2.3.1

I've notified the Mozilla devs & Justin Wood (Callek) who is responsible
for the builds.