Bug#1116429: Bug#1116430 closed by Simon McVittie <smcv at debian.org> (Re: glib-networking: CVE-2025-60018, CVE-2025-60019)
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 27 10:55:41 BST 2025
Hi Simon,
On Sat, Sep 27, 2025 at 09:43:03AM +0000, Debian Bug Tracking System wrote:
> On Sat, 27 Sep 2025 at 09:22:02 +0200, Salvatore Bonaccorso wrote:
> > CVE-2025-60018[0]:
> > | glib-networking's OpenSSL backend
>
> > CVE-2025-60019[0]:
> > | glib-networking's OpenSSL backend
>
> This is disabled by default upstream and we don't override that in Debian,
> so I'm fairly sure this doesn't affect us. meson.options.txt says:
>
> # The OpenSSL backend is provided for systems where licensing considerations
> # prohibit use of certain dependencies of GnuTLS. General-purpose Linux distros
> # should leave it disabled. Please don't second-guess our defaults.
>
> (which I think is an oblique way to say "this is only for distros that
> refuse to use GPL-3.0 components").
Ah right, thanks for spotting this mistriage (it's my fault).
Regards,
Salvatore