PT-2025-54890 · Suse · Ca-Certificates-Mozilla

Published

2025-05-21

·

Updated

2025-05-21

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
This update for ca-certificates-mozilla fixes the following issues:
  • test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3
  • Re-create java-cacerts with SOURCE DATE EPOCH set for reproducible builds (bsc#1229003)
  • explicit remove distrusted certs, as the distrust does not get exported correctly and the SSL certs are still trusted. (bsc#1240343)
  • Entrust.net Premium 2048 Secure Server CA
  • Entrust Root Certification Authority
  • AffirmTrust Commercial
  • AffirmTrust Networking
  • AffirmTrust Premium
  • AffirmTrust Premium ECC
  • Entrust Root Certification Authority - G2
  • Entrust Root Certification Authority - EC1
  • GlobalSign Root E46
  • GLOBALTRUST 2020
  • pass file argument to awk (bsc#1240009)
  • update to 2.74 state of Mozilla SSL root CAs: Removed:
  • SwissSign Silver CA - G2 Added:
  • D-TRUST BR Root CA 2 2023
  • D-TRUST EV Root CA 2 2023
  • remove extensive signature printing in comments of the cert bundle
  • Define two macros to break a build cycle with p11-kit.
  • Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798) Removed:
  • SecureSign RootCA11
  • Security Communication RootCA3 Added:
  • TWCA CYBER Root CA
  • TWCA Global Root CA G2
  • SecureSign Root CA12
  • SecureSign Root CA14
  • SecureSign Root CA15
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

SUSE-SU-2025:20336-1

Affected Products

Ca-Certificates-Mozilla