This appears to be incomplete remediation of Issue 1576283. In that bug, QuoVadis was asked to provide a complete list of affected certificates, but apparently failed to find [the cert](https://crt.sh/?q=b0f0c77444438fccde95d08dbeb9b3caf6fe65aeb1e5f6f16b798e820498211a) in this report. I’m also struggling to make sense of the dates, as they don’t make sense. The certificate is stated to have been misissued on 2020-06-15, but has already been replaced with the correct one on 2020-06-11, and that the issue predates the January 2020 remediation of Issue 1576283. There appears to be a lack of attention to detail in the incident report, in addition to the retroactive scan for non-compliance.
Bug 1645708 Comment 1 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
This appears to be incomplete remediation of Bug 1576283. In that bug, QuoVadis was asked to provide a complete list of affected certificates, but apparently failed to find [the cert](https://crt.sh/?q=b0f0c77444438fccde95d08dbeb9b3caf6fe65aeb1e5f6f16b798e820498211a) in this report. I’m also struggling to make sense of the dates, as they don’t make sense. The certificate is stated to have been misissued on 2020-06-15, but has already been replaced with the correct one on 2020-06-11, and that the issue predates the January 2020 remediation of bug 1576283. There appears to be a lack of attention to detail in the incident report, in addition to the retroactive scan for non-compliance.