Removal of e-Tugra root certificate

GHSA-xqr8-7jwr-rhp7 · CVE-2023-37920 · PYSEC-2023-135

Published Jul 25, 2023 · Modified Feb 4, 2026

Description

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.

e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.

References

WEB https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-37920
WEB https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909
PACKAGE https://github.com/certifi/python-certifi
WEB https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2023-135.yaml
WEB https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A
WEB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG
WEB https://security.netapp.com/advisory/ntap-20240912-0002

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes