RedHat have released updates to tigervnc to address CVE-2023-1393, e.g. https://access.redhat.com/errata/RHSA-2023:1592 https://security-tracker.debian.org/tracker/CVE-2023-1393 does not mention tigervnc. Can you confirm whether or not the Debian tigervnc packages need to be updated to address CVE-2023-1393 ? Thanks, -- Andrew C. Aitchison Kendal, UK andrew@aitchison.me.uk