CVE-2024-39689

Published: 5 July 2024

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

Notes

Priority reason: Use of bundled CA certificates is patched out in Ubuntu

Author: mdeslaur

On focal and earlier, the python-pip package bundles python-certifi binaries when built. After updating python-certifi, a no-change rebuild of python-pip is required. On jammy and later, python-certifi is bundled in the python-pip package and needs to be patched.

In Debian and Ubuntu, the python-certifi packages are patched to return the location of the system CA certs provided by the ca-certificates package. While the source and binary packages do contain the CA certificates, they are not used by anything.
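
As an added example (not part of this tracker page or of the certifi project), the Python below checks which CA file certifi reports, whether that file lives inside the certifi package, and whether any certificate in it carries the `GLOBALTRUST` name. The helper names, the byte-search heuristic and the sample bundle are assumptions made for illustration.

```python
import base64
import os
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def find_roots(pem_text, needle=b"GLOBALTRUST"):
    """Return indexes of PEM blocks whose decoded DER bytes contain `needle`."""
    # Heuristic: X.509 name strings sit as plain ASCII/UTF-8 inside the DER,
    # so a byte search finds a CA name without an ASN.1 parser.
    hits = []
    for index, match in enumerate(PEM_RE.finditer(pem_text)):
        der = base64.b64decode("".join(match.group(1).split()))
        if needle in der:
            hits.append(index)
    return hits


def uses_bundled_store(where_path, package_dir):
    """True if the CA file certifi reports lives inside the certifi package."""
    pkg = os.path.realpath(package_dir)
    return os.path.realpath(where_path).startswith(pkg + os.sep)


def _fake_pem(payload):
    # Constructed sample: arbitrary bytes in PEM armour, not a real certificate.
    body = base64.encodebytes(payload).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


SAMPLE_BUNDLE = (_fake_pem(b"CN=Example Root CA (constructed)" + bytes(40))
                 + _fake_pem(b"CN=GLOBALTRUST (constructed)" + bytes(40)))

if __name__ == "__main__":
    print("sample hits:", find_roots(SAMPLE_BUNDLE))
    try:
        import certifi
    except ImportError:
        print("certifi is not installed")
    else:
        path = certifi.where()
        bundled = uses_bundled_store(path, os.path.dirname(certifi.__file__))
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits = find_roots(fh.read())
        print(f"{path}: bundled={bundled}, GLOBALTRUST blocks={len(hits)}")
```

Run it with the interpreter of each environment you care about (system Python, virtualenvs, container images), since each can carry its own copy of certifi.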

Priority

Negligible

Status

| Package | Release | Status |
|---|---|---|
| python-certifi | bionic | Ignored (see notes) |
| python-certifi | focal | Ignored (see notes) |
| python-certifi | jammy | Ignored (see notes) |
| python-certifi | mantic | Ignored (end of life, was needs-triage) |
| python-certifi | noble | Ignored (see notes) |
| python-certifi | upstream | Needs triage |
| python-certifi | xenial | Ignored (see notes) |

Patches:
upstream: https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463

| Package | Release | Status |
|---|---|---|
| python-pip | bionic | Ignored (see notes) |
| python-pip | focal | Ignored (see notes) |
| python-pip | jammy | Ignored (see notes) |
| python-pip | mantic | Ignored (end of life, was needs-triage) |
| python-pip | noble | Ignored (see notes) |
| python-pip | trusty | Ignored (see notes) |
| python-pip | upstream | Needs triage |
| python-pip | xenial | Ignored (see notes) |