Control: tags -1 + confirmed On Wed, 2026-06-17 at 14:22 +0200, Sven Geuer wrote: > I would like to close these bugs regarding trixie through p-u: > https://bugs.debian.org/1138174 > https://bugs.debian.org/1138253 > > [ Reason ] > This fixes CVE-2026-44988 and CVE-2026-50538 for trixie. > > [ Impact ] > CVE-2026-44988: A malicious VNC server can send a crafted > FramebufferUpdate rectangle which makes the client write beyond > fixed- > size Gradient buffers. > CVE-2026-50538: A malicious VNC server canĀ force a connecting > libvncclient to write attacker-controlled data past the end of its > framebuffer without the need of authentication.
Please go ahead. Regards, Adam

