—
PYSEC-2023-135
Details
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / certifi
Introduced in:
2015.4.28 Fixed in: 2023.7.22 Fix
pip install --upgrade 'certifi>=2023.7.22' References
- https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A [WEB]
- https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2023-37920 [ADVISORY]
- https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 [ADVISORY]