Package: libssl3 Version: 3.1.5-1 Severity: minor The news entry for 3.1.4-2 says, "TLSv1.0, TLSv1.1 and DTLS 1.0 work only at security level 0 (it was previously allowed at security level 0)"
By my reading, this is saying that 3.1.4-2 changes legacy TLS to work only at security level zero, from the previous state of... them working only at security level zero. In other words, that there is no change. I couldn't find the commit that changed this, so I can't say what the parenthetical should contain; please consider either dropping the "it was previously allowed..." section, or changing it to "allowed at security level 2" or whatever the correct answer is. -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-18-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libssl3 depends on: ii libc6 2.37-15 libssl3 recommends no packages. libssl3 suggests no packages. -- no debconf information
