Headline
GHSA-248v-346w-9cwc: Certifi removes GLOBALTRUST root certificate
Certifi 2024.07.04 removes root certificates from “GLOBALTRUST” from the root store. These are in the process of being removed from Mozilla’s trust store.
GLOBALTRUST’s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla’s investigation can be found here.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-39689
Certifi removes GLOBALTRUST root certificate
Low severity GitHub Reviewed Published Jul 4, 2024 in certifi/python-certifi • Updated Jul 5, 2024
Package
pip certifi (pip)
Affected versions
>= 2021.05.30, < 2024.07.04
Patched versions
2024.07.04
Certifi 2024.07.04 removes root certificates from “GLOBALTRUST” from the root store. These are in the process of being removed from Mozilla’s trust store.
GLOBALTRUST’s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla’s investigation can be found here.
References
- GHSA-248v-346w-9cwc
- certifi/python-certifi@bd81538
Published to the GitHub Advisory Database
Jul 5, 2024