Source: tmux Version: 3.6b-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for tmux. CVE-2026-11623[0]: | A security vulnerability has been detected in tmux up to 3.6a. | Affected is the function image_free of the file image.c. Such | manipulation leads to use after free. Local access is required to | approach this attack. This attack is characterized by high | complexity. The exploitability is told to be difficult. The exploit | has been disclosed publicly and may be used. Upgrading to version | 3.7-rc is able to address this issue. The name of the patch is | fc6d94a9f8a593bd8b7031650802084385d4ee03. The affected component | should be upgraded. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-11623 https://www.cve.org/CVERecord?id=CVE-2026-11623 [1] https://github.com/tmux/tmux/commit/fc6d94a9f8a593bd8b7031650802084385d4ee03 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
