Decide whether we need an emergency release for DSA 6113-1 in OpenSSL

Process: https://tails.net/contribute/working_together/roles/release_manager/#index4h1

https://lists.debian.org/debian-security-announce/2026/msg00022.html

It seems there might be Tor Browser and c-tor updates: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41694#note_3332634

  • does this affect Tails?
  • is Tor Browser affected beyond it bundling c-tor? IOW do we need to update it on top of updating OpenSSL from Debian? → No
  • is c-tor affected if we update the OpenSSL shared library? IOW do we need to update it on top of updating OpenSSL from Debian? → No, but a new release is out anyway
    • When will the new release be out? → Tor packages will be out by Wednesday
    • How important are the security fixes in the next tor release?
  • what's the resulting risk level according to https://tails.net/contribute/security_policy/?
  • are there mitigation measures that we could document, to avoid the emergency release?

cc @anonym

Edited by boyska