Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-xqr8-7jwr-rhp7: Removal of e-Tugra root certificate

Certifi 2023.07.22 removes root certificates from “e-Tugra” from the root store. These are in the process of being removed from Mozilla’s trust store.

e-Tugra’s root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla’s investigation can be found here.

ghsa
#google#git
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2023-37920

Removal of e-Tugra root certificate

Low severity GitHub Reviewed Published Jul 22, 2023 in certifi/python-certifi • Updated Jul 25, 2023

Package

pip certifi (pip)

Affected versions

>= 2015.04.28, < 2023.07.22

Patched versions

2023.07.22

Certifi 2023.07.22 removes root certificates from “e-Tugra” from the root store. These are in the process of being removed from Mozilla’s trust store.

e-Tugra’s root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla’s investigation can be found here.

References

  • GHSA-xqr8-7jwr-rhp7
  • certifi/python-certifi@8fb96ed

Published to the GitHub Advisory Database

Jul 25, 2023

Last updated

Jul 25, 2023

Related news

Red Hat Security Advisory 2024-8228-03

Red Hat Security Advisory 2024-8228-03 - Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs.

Red Hat Security Advisory 2023-7528-01

Red Hat Security Advisory 2023-7528-01 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2023-7523-01

Red Hat Security Advisory 2023-7523-01 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2023-7435-01

Red Hat Security Advisory 2023-7435-01 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

CVE-2023-37920: Review of e-Tugra's Inclusion in Mozilla’s Root Store

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.