Hi Simon, On Sat, Sep 27, 2025 at 09:43:03AM +0000, Debian Bug Tracking System wrote: > On Sat, 27 Sep 2025 at 09:22:02 +0200, Salvatore Bonaccorso wrote: > > CVE-2025-60018[0]: > > | glib-networking's OpenSSL backend > > > CVE-2025-60019[0]: > > | glib-networking's OpenSSL backend > > This is disabled by default upstream and we don't override that in Debian, > so I'm fairly sure this doesn't affect us. meson.options.txt says: > > # The OpenSSL backend is provided for systems where licensing considerations > # prohibit use of certain dependencies of GnuTLS. General-purpose Linux > distros > # should leave it disabled. Please don't second-guess our defaults. > > (which I think is an oblique way to say "this is only for distros that > refuse to use GPL-3.0 components").
Ah right, thanks for spotting this misstriage (it's my fault). Regards, Salvatore
