The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. (CVE-2026-11771) Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. (CVE-2026-12932) Use-after-free bug in ackwritebuf(), triggerable by a well-timed sequence of control channel + authentication packets. (CVE-2026-12996) Use-after-free bug in tlswrapreneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets. (CVE-2026-13117) Server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active. (CVE-2026-13122) Another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash. (CVE-2026-13698)