Ubuntu
firefox package

Remove the exemptions for the Staat der Nederlanden root

Bug #838322 reported by Micah Gersten
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Mozilla Firefox
Fix Released
Critical
firefox (Ubuntu)
Fix Released
Medium
Chris Coulson
Lucid
Fix Released
Medium
Micah Gersten
Maverick
Fix Released
Medium
Micah Gersten
Natty
Fix Released
Medium
Micah Gersten
Oneiric
Fix Released
Medium
Chris Coulson
thunderbird (Ubuntu)
Fix Released
Medium
Chris Coulson
Lucid
Fix Released
Medium
Micah Gersten
Maverick
Fix Released
Medium
Micah Gersten
Natty
Fix Released
Medium
Micah Gersten
Oneiric
Fix Released
Medium
Chris Coulson
xulrunner-1.9.2 (Ubuntu)
Invalid
Undecided
Unassigned
Lucid
Fix Released
Medium
Micah Gersten
Maverick
Fix Released
Medium
Micah Gersten
Natty
Fix Released
Undecided
Unassigned
Oneiric
Invalid
Undecided
Unassigned

Bug Description

Here's an updated blog post on the DigiNotar issue:
http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/

The Staat der Nederlanden root exemption has been removed. These root certs are still believed to be trusted. The "PKIOverheid" (PKIGovernment) intermediates under DigiNotar's control that
did not chain to DigiNotar's root and were not previously blocked were blocked instead.

See original description
Revision history for this message
In , Gervase Markham (gerv-mozilla) wrote :

It turns out that there are two Staat der Nederlanden roots in our root store, and our patch only exempts one of them from the DigiNotar block :-(( This means that a number of websites whose certs do not chain up to the dis-trusted DigiNotar root are nevertheless having their certificates viewed as untrusted. I'm not sure how many sites this is.

The roots are:
Staat der Nederlanden Root CA
  (successfully exempted)
Staat der Nederlanden Root CA - G2
  (accidentally included)

The line of code is this one:

if (!strcmp(node->cert->issuerName,
    "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") ...

This check needs to include both the names above.

Test site:
https://sha2.diginotar.nl/

Gerv

Revision history for this message
In , Mark-janssen (mark-janssen) wrote :

Some more websites:
https://g2test.logius.nl/
https://steenwijkerland.bim.mijnbezwaar.nl/

Let me know if you need more.

Revision history for this message
In , Mark-janssen (mark-janssen) wrote :

Again more sites:
https://secure.valkenswaard.nl/
https://www8.eindhoven.nl/

Thanks

Revision history for this message
In , Gervase Markham (gerv-mozilla) wrote :

This bug cannot progress until the right people wake up. If we decide to issue a further update, the turnaround time is about 24 hours.

Gerv

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

I think I may have a patch.

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

Created attachment 557158
Patch (v1)

Revision history for this message
In , Bsmith-mozilla (bsmith-mozilla) wrote :

Created attachment 557159
WIP - Allow Staat der Nederlanden Root CA - G2 Root

This is still building on my machine.

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

(In reply to Brian Smith (:bsmith) from comment #6)
> Created attachment 557159
> WIP - Allow Staat der Nederlanden Root CA - G2 Root
>
> This is still building on my machine.

Same here!

Revision history for this message
In , Bsmith-mozilla (bsmith-mozilla) wrote :

Comment on attachment 557159
WIP - Allow Staat der Nederlanden Root CA - G2 Root

Will use Ehsan's patch, which I will r+ as soon as it finishes building on my machine and I can test it.

Revision history for this message
In , Kai Engert (kaie) wrote :

Comment on attachment 557158
Patch (v1)

If the Dutch gov insists on this, and Mozilla decides to concur, I'm fine with this code change.
r=kaie

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

Just verified locally that the fix is working for all of the test websites.

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

http://hg.mozilla.org/mozilla-central/rev/e18dcb523b20

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

I landed it on aurora, beta and 1.9.2 (not the relbranch) with johnath's verbal approval:

http://hg.mozilla.org/releases/mozilla-1.9.2/rev/72fd28e61b47
http://hg.mozilla.org/releases/mozilla-aurora/rev/ba929aa09503
http://hg.mozilla.org/releases/mozilla-beta/rev/6791db28b82f

Revision history for this message
In , Johnath (johnath) wrote :

(Confirming that this has any approval flags ehsan needs it to have - a=me)

Micah Gersten (micahg)
Changed in firefox (Ubuntu Oneiric):
importance: Undecided → Medium
status: New → Triaged
Changed in firefox (Ubuntu Natty):
importance: Undecided → Medium
status: New → Triaged
Changed in firefox (Ubuntu Maverick):
importance: Undecided → Medium
status: New → Triaged
Jamie Strandboge (jdstrand)
Changed in firefox (Ubuntu Lucid):
status: New → Triaged
importance: Undecided → Medium
Bug Watch Updater (bug-watch-updater)
Changed in firefox:
importance: Unknown → Critical
status: Unknown → Fix Released
Revision history for this message
Micah Gersten (micahg) wrote : Re: DigiNotar patch erroneously blocks one of the two Staat der Nederlanden roots

Natty won't be affected as 1.9.2.21 isn't being pushed to it.

Changed in xulrunner-1.9.2 (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
importance: Undecided → Medium
status: New → In Progress
Changed in xulrunner-1.9.2 (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
importance: Undecided → Medium
status: New → In Progress
Changed in xulrunner-1.9.2 (Ubuntu Natty):
status: New → Invalid
Revision history for this message
Micah Gersten (micahg) wrote :

Oneiric doesn't have xulrunner-1.9.2

Changed in xulrunner-1.9.2 (Ubuntu Oneiric):
status: New → Invalid
Changed in firefox (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
status: Triaged → In Progress
Changed in firefox (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
status: Triaged → In Progress
Changed in firefox (Ubuntu Natty):
assignee: nobody → Micah Gersten (micahg)
status: Triaged → In Progress
Changed in firefox (Ubuntu Oneiric):
assignee: nobody → Chris Coulson (chrisccoulson)
Revision history for this message
In , Wan-Teh Chang (wtc-google) wrote :

Comment on attachment 557158
Patch (v1)

> // By request of the Dutch government

I suggest this comment be reworded. This comment
implies we yielded to government pressure. I doubt
that's the case.

How about something like "Staat der Nederlanden Root CA
certified their subordinate DigiNotar CAs were good"?
If it turns out their subordinate DigiNotar CAs were
also attacked, then that'll be reason to remove the
trust for Staat der Nederlanden Root CA.

Similarly, we should ask each of the root CA that
has a subordinate DigiNotar CA to either certify
or revoke the subordinate DigiNotar CA. This is a
good test for the trustworthiness of the root CAs.

Revision history for this message
In , Eddy-nigg (eddy-nigg) wrote :

(In reply to Wan-Teh Chang from comment #14)
> How about something like "Staat der Nederlanden Root CA
> certified their subordinate DigiNotar CAs were good"?

Sshhh, but does that really matter? This is effectively and right now used as revolving door by DigiNotar. I suggest to A) review this decision, B) check your procedures for such incidences, C) perhaps consult with the Mozilla CA Policy.

It does look very bad in my opinion and it appears to contradict the decision to remove this root.

Revision history for this message
In , Djcater+bugzilla (djcater+bugzilla) wrote :

(In reply to Wan-Teh Chang from comment #14)
> Comment on attachment 557158
> Patch (v1)
>
> > // By request of the Dutch government
>
> I suggest this comment be reworded. This comment
> implies we yielded to government pressure. I doubt
> that's the case.

Can someone please blog on the Mozilla Security Blog explaining this part of the situation? How it came about, what has been excepted and what effect it has only people visiting sites that are part of this exception. Thank you.

Revision history for this message
In , Gervase Markham (gerv-mozilla) wrote :

Mozilla believes that the exemption for certificates under Staat der Nederlanden roots is justified, and it is in line with what other browsers are doing (which used different technical measures which made an exception unnecessary). We will be posting on the security blog soon with a fuller explanation of this. The comment in the source code is not the full story.

Gerv

Revision history for this message
In , Eddy-nigg (eddy-nigg) wrote :

An explanation would be certainly helpful, thanks.

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

http://hg.mozilla.org/mozilla-central/rev/471f4fbc9c85
http://hg.mozilla.org/releases/mozilla-aurora/rev/f020f92c79ca
http://hg.mozilla.org/releases/mozilla-beta/rev/f6dafd2dcc63
http://hg.mozilla.org/releases/mozilla-beta/rev/731b7bc62da3
http://hg.mozilla.org/releases/mozilla-release/rev/c32149f14aeb
http://hg.mozilla.org/releases/mozilla-release/rev/58b06f58f4f8
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/2e7eba4287e7
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/dbfc18ea5b93

Revision history for this message
In , Reed Loden (reed) wrote :

Considering the patch that landed is actually completely different than what this bug was about, I'm updating the summary and such to reflect that. It would be nice to get the actual patch added as an attachment here.

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

Also: http://hg.mozilla.org/mozilla-central/rev/5319db188180

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

Also: http://hg.mozilla.org/releases/mozilla-aurora/rev/a5a5c583c381

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

http://hg.mozilla.org/releases/mozilla-beta/rev/01d409d49c6a
http://hg.mozilla.org/releases/mozilla-beta/rev/ff20a21364bb

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

http://hg.mozilla.org/releases/mozilla-release/rev/e65f4c8bd243
http://hg.mozilla.org/releases/mozilla-release/rev/5b6c2f8ff6da
http://hg.mozilla.org/releases/mozilla-release/rev/14452010e012

Revision history for this message
In , Ehsan-mozilla (ehsan-mozilla) wrote :

http://hg.mozilla.org/releases/mozilla-1.9.2/rev/463dbdc80866
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/d19ac6a6ef00

Revision history for this message
In , P-edwin-f (p-edwin-f) wrote :

In a conference of the Dutch government held right now, they also give up trust in their certificates and they expect the browsers to follow.

Revision history for this message
In , Mevans-l (mevans-l) wrote :

Could someone on this bug either indicate what verification steps should be done to verify or even better go ahead and verify yourself. TIA!

Revision history for this message
In , Gmealer (gmealer) wrote :

Seconding Matt, QA would like to verify this behavior before signing off, but it's unclear how we should be doing it. Any hints would be appreciated.

Revision history for this message
Glen Turner (gdt-gdt) wrote :

http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/
says
"DigiNotar issues certificates as part of the Dutch government’s PKIoverheid (PKIgovernment) program. These certificates are issued from a different DigiNotar-controlled intermediate, and chain up to the Dutch government CA (Staat der Nederlanden). The Dutch government’s Computer Emergency Response Team (GovCERT) indicated that these certificates are issued independently of DigiNotar’s other processes and that, in their assessment, these had not been compromised. The Dutch government therefore requested that we exempt these certificates from the removal of trust, which we agreed to do in our initial security update early this week.

The Dutch government has since audited DigiNotar’s performance and rescinded this assessment. We are now removing the exemption for these certificates, meaning that all DigiNotar certificates will be untrusted by Mozilla products."

Micah Gersten (micahg)
summary: - DigiNotar patch erroneously blocks one of the two Staat der Nederlanden
- roots
+ Remove the exemptions for the Staat der Nederlanden root
description: updated
Revision history for this message
In , Gervase Markham (gerv-mozilla) wrote :

The following sites should work before the patch, and not after:

Staat der Nederlanden Root CA - G2 via Diginotar PKIOverheid CA Organisatie - G2:
  https://belastingbalie.eindhoven.nl/ (Issued: 4th Feb 2011)

Staat der Nederlanden Root CA via Diginotar PKIoverheid CA Overheid en Bedrijven:
  https://www.nifpnet.nl/ (Issued 12th May 2011)

I _think_ you should expect to see an overrideable "cert_not_trusted" error.

Gerv

Revision history for this message
In , Vlad-ghetiu (vlad-ghetiu) wrote :

Setting resolution to Verified Fixed on Mozilla/5.0 (Windows NT 6.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2

Both sites from comment29 are now showing the "Untrusted Connection Page"
The error is displayed under technical details: "The certificate is not trusted because the issuer certificate is unknown.Error code: sec_error_unknown_issuer)

The same behavior applies on:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2

Revision history for this message
In , Hskupin (hskupin) wrote :

This bug needs to be verified against all the branches marked above as fixed. The Verified state is also for trunk and not 6.0.2 as what you have used for testing. Please test at least across 3.6.22 build 2, 6.0.2 build 2, and 7.0b4#2.

Revision history for this message
In , Jbecerra-mozilla (jbecerra-mozilla) wrote :

I've verified this against 3.6.22(build2), 6.0.2(build2), 7.0b4(build2), and latest Nightly using Windows XP or Mac. The first url in comment #29 is now using a certificate, issued on 9/5, by a different certificate authority so there is no error. This is to be expected. The second url is untrusted but overridable.

Revision history for this message
In , Davemgarrett (davemgarrett) wrote :

*** Bug 684747 has been marked as a duplicate of this bug. ***

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 3.6.22+build2+nobinonly-0ubuntu0.10.10.1

---------------
firefox (3.6.22+build2+nobinonly-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release v3.6.22 (FIREFOX_3_6_22_BUILD2)
    - Distrust and disable all DigiNotar certs including the Staat der
      Nederlanden Certificates (LP: #838322)
 -- Micah Gersten <email address hidden> Mon, 05 Sep 2011 13:42:50 -0500

Changed in firefox (Ubuntu Maverick):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xulrunner-1.9.2 - 1.9.2.22+build2+nobinonly-0ubuntu0.10.04.1

---------------
xulrunner-1.9.2 (1.9.2.22+build2+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release v1.9.2.22 (FIREFOX_3_6_22_BUILD2)
    - Distrust all DigiNotar certs including the Staat der Nederlanden
      Certificates; The certificates will be disabled in NSS (LP: #838322)
 -- Micah Gersten <email address hidden> Mon, 05 Sep 2011 14:55:57 -0500

Changed in xulrunner-1.9.2 (Ubuntu Lucid):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xulrunner-1.9.2 - 1.9.2.22+build2+nobinonly-0ubuntu0.10.10.1

---------------
xulrunner-1.9.2 (1.9.2.22+build2+nobinonly-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release v1.9.2.22 (FIREFOX_3_6_22_BUILD2)
    - Distrust all DigiNotar certs including the Staat der Nederlanden
      Certificates; The certificates will be disabled in NSS (LP: #838322)
 -- Micah Gersten <email address hidden> Mon, 05 Sep 2011 15:01:02 -0500

Changed in xulrunner-1.9.2 (Ubuntu Maverick):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 3.6.22+build2+nobinonly-0ubuntu0.10.04.1

---------------
firefox (3.6.22+build2+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release v3.6.22 (FIREFOX_3_6_22_BUILD2)
    - Distrust and disable all DigiNotar certs including the Staat der
      Nederlanden Certificates (LP: #838322)
 -- Micah Gersten <email address hidden> Mon, 05 Sep 2011 13:36:05 -0500

Changed in firefox (Ubuntu Lucid):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 6.0.2+build2+nobinonly-0ubuntu0.11.04.1

---------------
firefox (6.0.2+build2+nobinonly-0ubuntu0.11.04.1) natty-security; urgency=low

  * New upstream stable release (FIREFOX_6_0_2_BUILD2)
    - Distrust and disable all DigiNotar certs including the Staat der
      Nederlanden Certificates (LP: #838322)
 -- Micah Gersten <email address hidden> Mon, 05 Sep 2011 00:40:30 -0500

Changed in firefox (Ubuntu Natty):
status: In Progress → Fix Released
Revision history for this message
Anonymous (sjklfjalkfsakl) wrote :

To make this fully fixed, Thunderbird also needs to be updated to 6.0.2 (Oneiric) or 3.1.14 (earlier distributions). I see that you forgot to list Thunderbird as affected, so I tried adding it.

Revision history for this message
In , Jasontanwl (jasontanwl) wrote :

(In reply to Vlad [QA] from comment #30)
> Setting resolution to Verified Fixed on Mozilla/5.0 (Windows NT 6.1;
> rv:6.0.2) Gecko/20100101 Firefox/6.0.2
>
> Both sites from comment29 are now showing the "Untrusted Connection Page"
> The error is displayed under technical details: "The certificate is not
> trusted because the issuer certificate is unknown.Error code:
> sec_error_unknown_issuer)
>
> The same behavior applies on:
> Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0.2) Gecko/20100101
> Firefox/6.0.2
> Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
> Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2

But I still can go into their website even in Firefox 6.0.2
For both website I didn't get the " "Untrusted Connection Page" I did not get the error that is displayed under technical details: "The certificate is not trusted because the issuer certificate is unknown.Error code: sec_error_unknown_issuer)"

Revision history for this message
Micah Gersten (micahg) wrote :

Sorry, I do have thunderbird builds ready, I just forgot to add it to this bug.

Changed in thunderbird (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
importance: Undecided → Medium
status: New → In Progress
status: In Progress → Fix Committed
Revision history for this message
Micah Gersten (micahg) wrote :

Builds are in the ubuntu-mozilla-security PPA for 3.1.14, mozillateam/thunderbird-stable has 6.0.2

Changed in thunderbird (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
importance: Undecided → Medium
status: New → Fix Committed
Changed in thunderbird (Ubuntu Natty):
assignee: nobody → Micah Gersten (micahg)
importance: Undecided → Medium
status: New → Fix Committed
Revision history for this message
Micah Gersten (micahg) wrote :

thunderbird | 7.0~b2+build2+nobinonly1-0ubuntu1 | oneiric | source, amd64, i386

Changed in thunderbird (Ubuntu Oneiric):
assignee: nobody → Chris Coulson (chrisccoulson)
importance: Undecided → Medium
status: New → Fix Released
Revision history for this message
Micah Gersten (micahg) wrote :

   firefox | 7.0~b4+build2+nobinonly-0ubuntu1 | oneiric | source, amd64, i386

Changed in firefox (Ubuntu Oneiric):
status: Triaged → Fix Released
Revision history for this message
In , Hskupin (hskupin) wrote :

Because both websites have been issued new certificates meanwhile. Which means they are no valid testcases anymore.

Micah Gersten (micahg)
description: updated
Revision history for this message
In , Jbecerra-mozilla (jbecerra-mozilla) wrote :

This needs to be verified on Aurora.

Revision history for this message
In , Erik Bosman (ebosman) wrote :

(In reply to Henrik Skupin (:whimboo) from comment #35)
> Because both websites have been issued new certificates meanwhile. Which
> means they are no valid testcases anymore.

New testcase, the Dutch secret service still has a Diginotar cert!

Staat der Nederlanden Root CA via Diginotar PKIoverheid CA Overheid en Bedrijven:
https://www.aivd.nl/

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package thunderbird - 3.1.15+build1+nobinonly-0ubuntu0.11.04.1

---------------
thunderbird (3.1.15+build1+nobinonly-0ubuntu0.11.04.1) natty-security; urgency=low

  * New upstream release v3.1.15 (THUNDERBIRD_3_1_15_BUILD1)
    - see USN-1213-1

thunderbird (3.1.14+build2+nobinonly-0ubuntu0.11.04.1) natty-security; urgency=low

  * New upstream release v3.1.14 (THUNDERBIRD_3_1_14_BUILD2)
    - Reenable one of the Staat der Nederlanden Certificates; This was not a
      part of the compromised DigiNotar certificates (LP: #838322)
 -- Micah Gersten <email address hidden> Thu, 22 Sep 2011 01:19:34 -0500

Changed in thunderbird (Ubuntu Natty):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package thunderbird - 3.1.15+build1+nobinonly-0ubuntu0.10.04.1

---------------
thunderbird (3.1.15+build1+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release v3.1.15 (THUNDERBIRD_3_1_15_BUILD1)
    - see USN-1213-1

thunderbird (3.1.14+build2+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release v3.1.14 (THUNDERBIRD_3_1_14_BUILD2)
    - Reenable one of the Staat der Nederlanden Certificates; This was not a
      part of the compromised DigiNotar certificates (LP: #838322)
 -- Micah Gersten <email address hidden> Wed, 21 Sep 2011 14:15:06 -0500

Changed in thunderbird (Ubuntu Lucid):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package thunderbird - 3.1.15+build1+nobinonly-0ubuntu0.10.10.1

---------------
thunderbird (3.1.15+build1+nobinonly-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release v3.1.15 (THUNDERBIRD_3_1_15_BUILD1)
    - see USN-1213-1

thunderbird (3.1.14+build2+nobinonly-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release v3.1.14 (THUNDERBIRD_3_1_14_BUILD2)
    - Reenable one of the Staat der Nederlanden Certificates; This was not a
      part of the compromised DigiNotar certificates (LP: #838322)
 -- Micah Gersten <email address hidden> Wed, 21 Sep 2011 17:16:47 -0500

Changed in thunderbird (Ubuntu Maverick):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xulrunner-1.9.2 - 1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1

---------------
xulrunner-1.9.2 (1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: New upstream release v1.9.2.27 (FIREFOX_3_6_27_BUILD1)
    See the following for more information:
    - LP: #934073
    - USN-1353-1
    - USN-1251-1
    - USN-1210-1
    - LP: #838322
    - LP: #837557
    - USN-1184-1
    - USN-1149-1
 -- Jamie Strandboge <email address hidden> Fri, 17 Feb 2012 08:04:19 -0600

Changed in xulrunner-1.9.2 (Ubuntu Natty):
status: Invalid → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.