This bug was fixed in the package ca-certificates - 20111211

---------------
ca-certificates (20111211) unstable; urgency=low

  * Clarify CA audit note in package description and README.debian. Thanks
    to C.J. Adams-Collier for the patch.  Closes: #594383
  * Remove French Government IGC/A CA certificates. The RSA certificate is
    included in the Mozilla bundle and the DSA certificate is not in use.
    Closes: #646767
  * Remove expired signet.pl CAs.  Closes: #647849
  * Remove expired brasil.gov.br CA.
  * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
  * Use 'set -e' in body of debian/postinst
  * Update mozilla/certdata.txt to version 1.80
    (no added/removed CAs)
  * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data

 -- Michael Shuler <email address hidden>  Sun, 11 Dec 2011 19:05:32 -0600

ca-certificates (20111025) unstable; urgency=low

  [ Michael Shuler ]
  * Add 3.0 (native) source format
  * Add Vcs-Git/Browser fields
  * Add myself as new Maintainer with Uploaders  Closes: #588219
  * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
    Certificates added (+) and removed (-):
    + "AffirmTrust Commercial"
    + "AffirmTrust Networking"
    + "AffirmTrust Premium"
    + "AffirmTrust Premium ECC"
    + "A-Trust-nQual-03"
    + "Certinomis - Autorité Racine"
    + "Certum Trusted Network CA"
    + "Go Daddy Root Certificate Authority - G2"
    + "Root CA Generalitat Valenciana"
    + "Starfield Root Certificate Authority - G2"
    + "Starfield Services Root Certificate Authority - G2"
    + "TWCA Root Certification Authority"
    - "AOL Time Warner Root Certification Authority 1"
    - "AOL Time Warner Root Certification Authority 2"
    - "DigiNotar Root CA"
    - "Entrust.net Global Secure Personal CA"
    - "Entrust.net Global Secure Server CA"
    - "Entrust.net Secure Personal CA"
    - "IPS Chained CAs root"
    - "IPS CLASE1 root"
    - "IPS CLASE3 root"
    - "IPS CLASEA1 root"
    - "IPS CLASEA3 root"
    - "IPS Timestamping root"
    - "Thawte Personal Freemail CA"
    - "Thawte Time Stamping CA"
  * Update CAcert-Class 3-Subroot-certificate  Closes: #630232

  [ Steve Langasek ]
  * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
    the way before calling c_rehash, so that symlinks don't accidentally get
    pointed here, breaking openssl certificate verification  LP: #854927

  [ Loïc Minier ]
  * Drop bogus c_rehash on upgrades, which caused issue when
    ca-certificates.crt was still in place; instead, call
    update-ca-certificates --fresh on upgrades to this version, and
    the usual update-ca-certificates otherwise  Closes: #643667, #537382

 -- Michael Shuler <email address hidden>  Tue, 25 Oct 2011 09:12:10 -0500

ca-certificates (20111022) unstable; urgency=low

  * QA upload.
  * Fix pending l10n issues. Debconf translations:
    - German (Helge Kreutzmann).  Closes: #634000
    - French (Christian Perrier).  Closes: #634092
    - Russian (Yuri Kozlov).  Closes: #635146
    - Swedish (Martin Bagge / brother).  Closes: #640622
    - Slovak (Slavko).  Closes: #641987
    - Spanish; (Javier Fernández-Sanguino).  Closes: #642359
    - Japanese (Kenshi Muto).  Closes: #644828
    - Czech (Miroslav Kure).  Closes: #644843
    - Danish (Joe Hansen).  Closes: #644854
    - Italian (Luca Monducci).  Closes: #645004
    - Dutch; (Jeroen Schot).  Closes: #645090
    - Portuguese (Miguel Figueiredo).  Closes: #645126
    - Galician (Jorge Barreiro).  Closes: #645138
    - Catalan; (Jordi Mallach).  Closes: #645182
    - Brazilian Portuguese (Adriano Rafael Gomes).  Closes: #645526
  * Split Choices in debconf templates
  * Add build-arch and build-indep build targets
  * Bump debhelper compatibility level to 8
  * Bump Standards to 3.9.2 (checked)
  * Replace "dh_clean -k" by dh_prep

 -- Christian Perrier <email address hidden>  Sat, 22 Oct 2011 14:24:00 +0200