Control: tags -1 + confirmed

On Wed, 2026-06-17 at 14:22 +0200, Sven Geuer wrote:
> I would like to close these bugs regarding trixie through p-u:
> https://bugs.debian.org/1138174
> https://bugs.debian.org/1138253
> 
> [ Reason ]
> This fixes CVE-2026-44988 and CVE-2026-50538 for trixie.
> 
> [ Impact ]
> CVE-2026-44988: A malicious VNC server can send a crafted
> FramebufferUpdate rectangle which makes the client write beyond
> fixed-
> size Gradient buffers.
> CVE-2026-50538: A malicious VNC server canĀ  force a connecting
> libvncclient to write attacker-controlled data past the end of its
> framebuffer without the need of authentication.

Please go ahead.

Regards,

Adam

Reply via email to