CLSA-2026-1779455173 Fix CVE(s): CVE-2026-43618
SECURITY UPDATE: integer overflow in compressed-token decoder allows memory disclosure to a malicious sender - debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and add overflow checks in recvcompressedtokennum/run; add CHUNKSIZE bound check in simplerecvtoken; initialize data=NUL...