diff -u vnc4-4.1.1+xorg1.0.2/debian/changelog vnc4-4.1.1+xorg1.0.2/debian/changelog
--- vnc4-4.1.1+xorg1.0.2/debian/changelog
+++ vnc4-4.1.1+xorg1.0.2/debian/changelog
@@ -1,3 +1,13 @@
+vnc4 (4.1.1+xorg1.0.2-0ubuntu1.6.06) dapper-security; urgency=low
+
+  * SECURITY UPDATE: Fix password-bypassing exploit.
+  * common/rfb/SConnection.cxx: Confirm that the requested authentication
+    method is actually valid. Patch taken from 4.1.2.
+  * References:
+    - CVE-2006-2369
+
+ -- William Grant <william.grant@ubuntu.org.au>  Fri,  5 Jan 2007 20:39:03 +1100
+
 vnc4 (4.1.1+xorg1.0.2-0ubuntu1) dapper; urgency=low
 
   * Reupload 4.1.1-0ubuntu4 as 4.1.1+xorg1.0.2-0ubuntu1; the former
only in patch2:
unchanged:
--- vnc4-4.1.1+xorg1.0.2.orig/common/rfb/SConnection.cxx
+++ vnc4-4.1.1+xorg1.0.2/common/rfb/SConnection.cxx
@@ -178,6 +178,16 @@
 {
   vlog.debug("processing security type message");
   int secType = is->readU8();
+
+  // Verify that the requested security type should be offered
+  std::list<rdr::U8> secTypes;
+  std::list<rdr::U8>::iterator i;
+  securityFactory->getSecTypes(&secTypes, reverseConnection);
+  for (i=secTypes.begin(); i!=secTypes.end(); i++)
+    if (*i == secType) break;
+  if (i == secTypes.end())
+    throw Exception("Requested security type not available");
+
   vlog.info("Client requests security type %s(%d)",
             secTypeName(secType),secType);