Headline
GHSA-xqr8-7jwr-rhp7: Removal of e-Tugra root certificate
Certifi 2023.07.22 removes root certificates from “e-Tugra” from the root store. These are in the process of being removed from Mozilla’s trust store.
e-Tugra’s root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla’s investigation can be found here.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2023-37920
Removal of e-Tugra root certificate
Low severity GitHub Reviewed Published Jul 22, 2023 in certifi/python-certifi • Updated Jul 25, 2023
Package
pip certifi (pip)
Affected versions
>= 2015.04.28, < 2023.07.22
Patched versions
2023.07.22
Certifi 2023.07.22 removes root certificates from “e-Tugra” from the root store. These are in the process of being removed from Mozilla’s trust store.
e-Tugra’s root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla’s investigation can be found here.
References
- GHSA-xqr8-7jwr-rhp7
- certifi/python-certifi@8fb96ed
Published to the GitHub Advisory Database
Jul 25, 2023
Last updated
Jul 25, 2023
Related news
Red Hat Security Advisory 2023-7528-01 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2023-7523-01 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Security Advisory 2023-7435-01 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.