Hi John, hi Adrian

On Thu, Mar 05, 2026 at 12:28:54AM +0200, Adrian Bunk wrote:
> Control: tags -1 moreinfo
>
> On Wed, Mar 04, 2026 at 11:14:10PM +0100, Salvatore Bonaccorso wrote:
> > Hi Adrian,
>
> Hi Salvatore,
>
> > On Wed, Mar 04, 2026 at 11:20:19PM +0200, Adrian Bunk wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: trixie
> > > X-Debbugs-Cc: [email protected], [email protected]
> > > Control: affects -1 + src:ckermit
> > > User: [email protected]
> > > Usertags: pu
> > >
> > >   * CVE-2025-68920: Block remote control of the local kermit by default.
> > >     Closes: #1123025
> > >   * Permanently disable OpenSSL version check. Closes: #1118629.
> > >
> > > The OpenSSL version check is currently a problem for the trixie
> > > package in trixie.
> >
> > I think for this one you might want to ask John (we were back in
> > December in contact with him, decided not to do a DSA, and asked if he
> > can propose an update once confident).
>
> thanks for the information.
>
> Tagging moreinfo, waiting for feedback from John.

John, any comments here? IIRC there were comments to not change the behaviour in stable, but I'm not sure anymore. The deadline is approaching to get the change included in the next point release, so your input would be helpful for the decision if Adrian should go ahead or cancel and we further ignore the change for the CVE.

Regards,
Salvatore

