-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 14 Feb 2026 13:07:20 +0100 Source: ca-certificates Architecture: source Version: 20230311+deb12u1~deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Julien Cristau <jcristau@debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Closes: 995432 1095913 Changes: ca-certificates (20230311+deb12u1~deb11u1) bullseye-security; urgency=medium . * LTS team upload * Backport to bullseye * Update Mozilla certificate authority bundle to version 2.60 The following certificate authorities were added (+): + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" + "ANF Secure Server Root CA" + "Autoridad de Certificacion Firmaprofesional CIF A62634068" + "Certainly Root E1" + "Certainly Root R1" + "Certum EC-384 CA" + "Certum Trusted Root CA" + "D-TRUST BR Root CA 1 2020" + "D-TRUST EV Root CA 1 2020" + "DigiCert TLS ECC P384 Root G5" + "DigiCert TLS RSA4096 Root G5" + "E-Tugra Global Root CA ECC v3" + "E-Tugra Global Root CA RSA v3" + "GlobalSign Root R46" + "GlobalSign Root E46" + "GLOBALTRUST 2020" + "HARICA TLS ECC Root CA 2021" + "HARICA TLS RSA Root CA 2021" + "HiPKI Root CA - G1" + "ISRG Root X2" + "Security Communication ECC RootCA1" + "Security Communication RootCA3" + "Telia Root CA v2" + "TunTrust Root CA" + "vTrus ECC Root CA" + "vTrus Root CA" The following certificate authorities were removed (-): - "Chambers of Commerce Root - 2008" - "Cybertrust Global Root" (expired) - "EC-ACC" - "GeoTrust Primary Certification Authority - G2" - "Global Chambersign Root - 2008" - "GlobalSign Root CA - R2" (expired) - "Hellenic Academic and Research Institutions RootCA 2011" - "Network Solutions Certificate Authority" - "QuoVadis Root CA" - "Sonera Class 2 Root CA" - "Staat der Nederlanden EV Root CA" (expired) - "Staat der Nederlanden Root CA - G3" - "Trustis FPS Root CA" - "VeriSign Universal Root Certification Authority" * Add 2 Sectigo roots that are in active use and causing interop issues; these roots were included in the Mozilla bundle version 2.62 (closes: #1095913): + Sectigo Public Server Authentication Root E46 + Sectigo Public Server Authentication Root R46 * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) . [ Bastien Roucariès ] * Add salsa-ci * Add break against ca-certificates-java Checksums-Sha1: ee5e3a5b9354f3ccabc1e2296d5862b761c72f4e 1803 ca-certificates_20230311+deb12u1~deb11u1.dsc 6fe5441b90e8a04d943a00d0546de558db98e763 260104 ca-certificates_20230311+deb12u1~deb11u1.tar.xz d444e415ff09d213dde0ec4742392996466fc2cb 5744 ca-certificates_20230311+deb12u1~deb11u1_source.buildinfo Checksums-Sha256: f9a7dfde551005b522e1d6e421fd9d690c56f70d7b5d083a422cbfa499cf7326 1803 ca-certificates_20230311+deb12u1~deb11u1.dsc 4491564ba510e58aa65ae0c8d6d912cf047e10cc224cf235c96bef4e30d7daae 260104 ca-certificates_20230311+deb12u1~deb11u1.tar.xz 8477ec48bb0732b3f56ae10cfee2686e1144e3b0d30ffb06235e492148722dcd 5744 ca-certificates_20230311+deb12u1~deb11u1_source.buildinfo Files: fef276e9f28f03d728d54d331fa5d65a 1803 misc optional ca-certificates_20230311+deb12u1~deb11u1.dsc 3c5fc53f85ecf06fa2d5f10c40fb6db0 260104 misc optional ca-certificates_20230311+deb12u1~deb11u1.tar.xz 69bc469d40450af46a2d3a205bcbb84c 5744 misc optional ca-certificates_20230311+deb12u1~deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmmYzYYACgkQADoaLapB CF+59RAAkwHMscAMyY+khGWCfFryS4lSde3fpE+GbLWuJC/g2OY90ag63nMn8vNI ZlP1oq+wCOwF/3kTpXV8WpVRjSJvVC/WoBSUsTbhQ2+XTSKMstghMZ/bDITvQaqw RpqW0u7qnXPCx/FAX/3rSgE+pOoOidC+bwIxG+nWG90AIlF+RSUpbQc5fTry6Zoe qJejMDV/YNo8XasGG/2XrJ1+f7yDIVSWhyq6WrssPX5vresJyJGK89x2id3K5UJj 2W8XKNqHIKEnqaWfRpcG6s0zj26129PdqGo4h9SG+vtO8datNKGBjTmdnBTyFd1P dFMi9r0ou3uEZLsg5PrlBSUs+7BJ7q1d+pAgrP54qwTB+lwaJtRMFm7l1ldcjOKK lHPU41WvprSQqvHG3KI7BwcdEw9REWKipgenD/LanRpOxe5MYG4VwbR+76SPY0Po eAoCySWEXweBD+oJ9Hz+oqAvn4RH7zfx2b2Mivm2uerEXuS6UijV6E520JiLzmN/ 9hGKO9bzM4yBMyptx9szqJ26mLdQBZEnHBE8Pb7MWJO+vm33kt3NEGeOc4cOat/+ wEttfc7vkXQm8P/GunoZtDRqarDdmGkaUfUT5v6D02Q+20UTBBCcP0Y5rtPcWTtc X0POn2gjLBBHqBDGaQuRm46dx1FonK91NtBHSUoiujcNgithVv4= =bz0u -----END PGP SIGNATURE-----
