Comment 3 for bug 1565293

Marc Deslauriers (mdeslaur) wrote:

So it seems "Equifax Secure Certificate Authority" is still present in the latest ca-certificates package. Presumably once Mozilla removes it we will issue an updated ca-certificates package.

However, removing it still allows google to validate:

$ sudo rm /usr/lib/ssl/certs/Equifax_Secure_CA.pem

$ openssl s_client -quiet -verify_return_error -connect google.com:443 -CApath /usr/lib/ssl/certs
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = google.com
verify return:1