Hi Salvatore, all, CVE-2026-33633 and CVE-2026-33642 have been reported against kitty (see #1137210), the latter with a 9.9/10 CVE score, and hence fixes should make it to stable on priority.
I've prepared the patches, tested the PoCs in a stable (amd64) VM, and I can see kitty no longer crashing, and hence this should likely be good to go. My changes are at: https://salsa.debian.org/debian/kitty/-/tree/debian/trixie-security?ref_type=heads Can I go ahead and upload to trixie-security suite? Let me know. If I get no answers for a week, I'll consider that as a yes and will go ahead and upload it. Not trying to be pushy but I feel this should be fixed ASAP. Best, Nilesh
