# Certificate compromise - what happens in Gentoo?

## lyallp

Comodo Fraud Incident 

http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

Microsoft Security Advisory 

http://www.microsoft.com/technet/security/advisory/2524375.mspx

Mozilla Firefox Advisory 

http://www.mozilla.org/security/announce/2011/mfsa2011-11.html 

Will a simple emerge update do the job or do I have extra work to do?

----------

## 1clue

As I understand it, that blacklist is not maintained on your computer, but on servers at various certificate authorities.  Your browser has the CA list but not individual certificates.

So I think you don't do anything.

----------

## Hu

The fraudulent certificates were added to the Comodo CRL.  However, because many users turn off CRL checking for privacy reasons, all the major vendors pushed a patch which hardcodes those certificates as untrusted.  That patch is 3.6.16 for Firefox 3.6.x.  I believe I saw a claim that Firefox 4.0 was released late enough that it also has the blacklist, but I do not have a citation for that handy.

----------
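The difference Hu describes between CRL revocation and a hardcoded blacklist, as an added example that is not part of the thread: a revoked certificate still verifies when CRL checking is off, fails when it is on, and is refused by a built-in serial list either way. Assumptions: the `openssl` command-line tool is installed, and the CA, host name, serial `0x1001` and `BLOCKLIST` variable are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: the CA, host name, serial and blocklist are all constructed.
BLOCKLIST="1001"   # serials refused outright, like a vendor's hardcoded list

revocation_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Throwaway CA and one leaf certificate with a known serial.
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
            -keyout ca.key -out ca.pem || exit 1
        openssl req -newkey rsa:2048 -nodes -subj "/CN=login.example.test" \
            -keyout leaf.key -out leaf.csr || exit 1
        openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
            -set_serial 0x1001 -days 1 -out leaf.pem || exit 1
        # Minimal "openssl ca" config so the CA can revoke and issue a CRL.
        : > index.txt
        printf '%s\n' '[ca]' 'default_ca = demo' '[demo]' \
            'database = index.txt' 'default_md = sha256' \
            'default_crl_days = 1' > ca.cnf
        openssl ca -config ca.cnf -cert ca.pem -keyfile ca.key \
            -revoke leaf.pem || exit 1
        openssl ca -config ca.cnf -cert ca.pem -keyfile ca.key \
            -gencrl -out crl.pem || exit 1
    ) >/dev/null 2>&1 || { rm -rf "$dir"; return 1; }

    # 1. CRL checking off: only the chain to the CA is validated.
    if openssl verify -CAfile "$dir/ca.pem" "$dir/leaf.pem" >/dev/null 2>&1
    then crl_off=accept; else crl_off=reject; fi

    # 2. CRL checking on: the revocation entry is consulted.
    if openssl verify -CAfile "$dir/ca.pem" -crl_check \
        -CRLfile "$dir/crl.pem" "$dir/leaf.pem" >/dev/null 2>&1
    then crl_on=accept; else crl_on=reject; fi

    # 3. Hardcoded blocklist: applied whatever the CRL setting is.
    serial=$(openssl x509 -noout -serial -in "$dir/leaf.pem" | cut -d= -f2)
    blocklist=accept
    for s in $BLOCKLIST; do
        if [ "$s" = "$serial" ]; then blocklist=reject; fi
    done

    rm -rf "$dir"
    echo "crl_off=$crl_off crl_on=$crl_on blocklist=$blocklist"
}

revocation_demo
```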

