Interesting things from the patch (please correct me if I got anything wrong):
1. The true bug number is 682927. Looking at the preceding and following bug reports, it was created between 2011-08-29 11:59 PDT and 2011-08-29 12:05 PDT.
2. Certificates from the "DigiNotar Root CA" issued after "01-JUL-2011 00:00" are blacklisted, and the user cannot override this.
3. Certificates issued by "Staat der Nederlanden Root CA" (and which do not fall into the previous rule) are still trusted by default, according to a code comment, "By request of the Dutch government".
4. Other DigiNotar certificates are considered untrusted by default (but the user can override this according to the comments, probably the same way a user can trust a self-signed certificate).
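
The precedence described in points 2 to 4, sketched as an added example; it is not code from the patch and not the commenter's. The `Cert` model, the leaf-first chain layout, the UTC cutoff, the intermediate CA name and the reading that any non-root certificate dated after the cutoff triggers point 2 are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum

class Verdict(Enum):
    NOT_AFFECTED = "no DigiNotar CA in chain"
    TRUSTED = "trusted by default"
    OVERRIDABLE = "untrusted, user may override"
    BLOCKED = "blacklisted, no override"

@dataclass(frozen=True)
class Cert:
    subject_cn: str
    issuer_cn: str
    not_before: datetime

# Cutoff from point 2. The comment gives no time zone; UTC is an assumption.
CUTOFF = datetime(2011, 7, 1, tzinfo=timezone.utc)

def classify(chain):
    """Apply points 2-4 in order. chain is leaf first, self-issued root last."""
    if not any("DigiNotar" in c.issuer_cn for c in chain):
        return Verdict.NOT_AFFECTED
    root_cn = chain[-1].subject_cn
    # Point 2: checked first, so no later rule can rescue the chain.
    # Assumption: any non-root cert dated after the cutoff triggers it.
    if root_cn == "DigiNotar Root CA" and any(
            c.not_before > CUTOFF for c in chain[:-1]):
        return Verdict.BLOCKED
    # Point 3: the Dutch government root keeps default trust.
    if root_cn == "Staat der Nederlanden Root CA":
        return Verdict.TRUSTED
    # Point 4: every other DigiNotar chain.
    return Verdict.OVERRIDABLE

def sample_chain(leaf_issued, root_cn):
    """Constructed 3-cert chain; host and intermediate names are made up."""
    old = datetime(2007, 1, 1, tzinfo=timezone.utc)
    ca = "DigiNotar Example Intermediate"
    return [Cert("www.example.test", ca, leaf_issued),
            Cert(ca, root_cn, old),
            Cert(root_cn, root_cn, old)]

if __name__ == "__main__":
    july = datetime(2011, 7, 10, tzinfo=timezone.utc)
    may = datetime(2011, 5, 1, tzinfo=timezone.utc)
    for issued, root in [(july, "DigiNotar Root CA"), (may, "DigiNotar Root CA"),
                         (july, "Staat der Nederlanden Root CA")]:
        print(issued.date(), root, "->", classify(sample_chain(issued, root)).value)
```

Swapping the order of the point 2 and point 3 checks would not change these three results, but checking the hard block first keeps it from being bypassed if the rules are later extended.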