Hi, On Wed, Dec 03, 2025 at 02:05:16AM +0100, Daniel Leidert wrote: > Hi Marcio, > > are you still working on zulucrypt, and are you considering to address > #1108288 (CVE-2025-53391)?
Btw, I just asked if it would be a better option to remove zulucrypt, cf. #1124603. For the security fix I see those two options, either drop the patch to the policykit rule and make only auth_admin allowed, or maybe it it does not make sense/useful zulucyrpt, request removal of zulucyrpt in a point release. For unstable, if fixing the RC issues instead of removal, then we might still want to block entering testing until it is rebased to a current version from upstream? Regards, Salvatore
