Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries (nss) mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. The two existing TurkTrust root CAs remain active. For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze6. For the testing distribution (wheezy), this problem has been fixed in version 2:3.13.6-2. For the unstable distribution (sid), this problem has been fixed in version 2:3.14.1.with.ckbi.1.93-1. We recommend that you upgrade your nss packages.
Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries (nss) mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. The two existing TurkTrust root CAs remain active.
For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze6.
For the testing distribution (wheezy), this problem has been fixed in version 2:3.13.6-2.
For the unstable distribution (sid), this problem has been fixed in version 2:3.14.1.with.ckbi.1.93-1.
We recommend that you upgrade your nss packages.