Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:10 relevant versions.
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
xorg-server to version 2:1.19.4-1 or higher.