Hello! I skimmed the paper you pointed out and commit history in the upstream Git repository, and I came to conclusion that to address the issue, it is simpler and safer to upload the latest upstream release rather than collecting and backporting targeted fixes despite of the final stage of freezing in Debian. I would prefer to upload an update of the telegram- desktop package and its satellites, libtgowt and libtgvoip, if the release team does not mind.
There were a lot of changes since 2.6.1 version currently available in unstable. Fixes of the security issue were not isolated, and it is too burdensome splitting them now.
signature.asc
Description: This is a digitally signed message part
