diff -u vnc4-4.1.1+xorg1.0.2/debian/patches/xorg-vnc-debian.patch vnc4-4.1.1+xorg1.0.2/debian/patches/xorg-vnc-debian.patch
--- vnc4-4.1.1+xorg1.0.2/debian/patches/xorg-vnc-debian.patch
+++ vnc4-4.1.1+xorg1.0.2/debian/patches/xorg-vnc-debian.patch
@@ -155,6 +155,28 @@
  #ifdef XIDLE
      if (!noXIdleExtension) XIdleExtensionInit();
  #endif
+diff -Naur xorg-server-1.0.0/hw/xfree86/os-support/linux/lnx_io.c xorg-server-1.0.0-patched/hw/xfree86/os-support/linux/lnx_io.c
+--- xorg-server-1.0.0/hw/xfree86/os-support/linux/lnx_io.c	2005-08-26 17:24:21.000000000 +1000
++++ xorg-server-1.0.0-patched/hw/xfree86/os-support/linux/lnx_io.c	2007-01-06 14:23:50.000000000 +1100
+@@ -74,7 +74,6 @@
+ #include <linux/version.h>
+ #ifdef __sparc__
+ #include <asm/param.h>
+-#include <asm/kbio.h>
+ #endif
+ 
+ /* Deal with spurious kernel header change in struct kbd_repeat.
+diff -Naur xorg-server-1.0.0/hw/xfree86/os-support/linux/lnx_kbd.c xorg-server-1.0.0-patched/hw/xfree86/os-support/linux/lnx_kbd.c
+--- xorg-server-1.0.0/hw/xfree86/os-support/linux/lnx_kbd.c	2005-08-26 17:24:21.000000000 +1000
++++ xorg-server-1.0.0-patched/hw/xfree86/os-support/linux/lnx_kbd.c	2007-01-06 14:23:50.000000000 +1100
+@@ -104,7 +104,6 @@
+ #include <linux/version.h>
+ #ifdef __sparc__
+ #include <asm/param.h>
+-#include <asm/kbio.h>
+ #endif
+ 
+ /* Deal with spurious kernel header change in struct kbd_repeat.
 diff -Naur xorg-server-1.0.0/hw/xfree86/int10/Makefile.am xorg-server-1.0.0-patched/hw/xfree86/int10/Makefile.am
 --- xorg-server-1.0.0/hw/xfree86/int10/Makefile.am      2005-12-02 07:02:41.000000000 +0100
 +++ xorg-server-1.0.0-patched/hw/xfree86/int10/Makefile.am      2006-01-24 03:01:56.000000000 +0100
diff -u vnc4-4.1.1+xorg1.0.2/debian/control vnc4-4.1.1+xorg1.0.2/debian/control
--- vnc4-4.1.1+xorg1.0.2/debian/control
+++ vnc4-4.1.1+xorg1.0.2/debian/control
@@ -2,7 +2,7 @@
 Section: x11
 Priority: optional
 Maintainer: Ola Lundqvist <opal@debian.org>
-Build-Depends: debhelper (>= 4.0.0), perl, zlib1g-dev, automake1.9, autoconf, xserver-xorg-dev, xutils, pkg-config, x11proto-bigreqs-dev, x11proto-composite-dev, x11proto-core-dev, x11proto-damage-dev, x11proto-evie-dev, x11proto-fixes-dev, x11proto-kb-dev (>= 1.0.1-1), x11proto-xinerama-dev, x11proto-randr-dev, x11proto-record-dev, x11proto-render-dev, x11proto-resource-dev, x11proto-scrnsaver-dev, x11proto-trap-dev, x11proto-video-dev, x11proto-xcmisc-dev, x11proto-xext-dev (>= 6.9.99.0-1), x11proto-xf86bigfont-dev, x11proto-xf86dga-dev, x11proto-xf86misc-dev, x11proto-xf86vidmode-dev, xtrans-dev, libxau-dev (>= 1:0.1.2-1), libxdmcp-dev (>= 1:0.1.3-2), libxfont-dev, libfontenc-dev, libxkbfile-dev (>= 7.0.0-1), x11proto-xf86dri-dev, libdrm-dev (>> 2.0), mesa-swrast-source (>> 6.4.1), x11proto-gl-dev (>= 1.4.1-1), libgl1-mesa-dev, libxmuu-dev (>= 1:6.2.3-1), libxext-dev (>= 1:6.4.3-1), libx11-dev (>= 1:6.2.1+cvs.20050722-1), libxrender-dev (>= 1:0.9.0-1), libxi-dev (>= 1:1.3.0-2), x11proto-dmx-dev, dpatch, libdmx-dev, libxpm-dev (>= 1:3.5.3-1), libxaw7-dev (>= 2:0.99.1-1), libxt-dev (>> 1:0.99.3+cvs.20051212), libxmu-dev (>= 2:0.99.1-1), libxtst-dev (>= 2:0.99.1-1), libxres-dev (>= 1:1.0.2+0.99.1-1), libfreetype6-dev, flex
+Build-Depends: debhelper (>= 4.0.0), perl, zlib1g-dev, automake1.9, autoconf, xserver-xorg-dev, xutils, pkg-config, x11proto-bigreqs-dev, x11proto-composite-dev, x11proto-core-dev, x11proto-damage-dev, x11proto-evie-dev, x11proto-fixes-dev, x11proto-kb-dev (>= 1.0.1-1), x11proto-xinerama-dev, x11proto-randr-dev, x11proto-record-dev, x11proto-render-dev, x11proto-resource-dev, x11proto-scrnsaver-dev, x11proto-trap-dev, x11proto-video-dev, x11proto-xcmisc-dev, x11proto-xext-dev (>= 6.9.99.0-1), x11proto-xf86bigfont-dev, x11proto-xf86dga-dev, x11proto-xf86misc-dev, x11proto-xf86vidmode-dev, xtrans-dev, libxau-dev (>= 1:0.1.2-1), libxdmcp-dev (>= 1:0.1.3-2), libxfont-dev, libfontenc-dev, libxkbfile-dev (>= 7.0.0-1), x11proto-xf86dri-dev, libdrm-dev (>> 2.0), mesa-swx11-source (>> 6.4.1), x11proto-gl-dev (>= 1.4.1-1), libgl1-mesa-dev, libxmuu-dev (>= 1:6.2.3-1), libxext-dev (>= 1:6.4.3-1), libx11-dev (>= 1:6.2.1+cvs.20050722-1), libxrender-dev (>= 1:0.9.0-1), libxi-dev (>= 1:1.3.0-2), x11proto-dmx-dev, dpatch, libdmx-dev, libxpm-dev (>= 1:3.5.3-1), libxaw7-dev (>= 2:0.99.1-1), libxt-dev (>> 1:0.99.3+cvs.20051212), libxmu-dev (>= 2:0.99.1-1), libxtst-dev (>= 2:0.99.1-1), libxres-dev (>= 1:1.0.2+0.99.1-1), libfreetype6-dev, flex
 Standards-Version: 3.6.1
 
 Package: vnc4server
diff -u vnc4-4.1.1+xorg1.0.2/debian/changelog vnc4-4.1.1+xorg1.0.2/debian/changelog
--- vnc4-4.1.1+xorg1.0.2/debian/changelog
+++ vnc4-4.1.1+xorg1.0.2/debian/changelog
@@ -1,3 +1,18 @@
+vnc4 (4.1.1+xorg1.0.2-0ubuntu1.6.10) edgy-security; urgency=low
+
+  * SECURITY UPDATE: Fix password-bypassing exploit.
+    - common/rfb/SConnection.cxx: Confirm that the requested authentication
+      method is actually valid. Patch taken from 4.1.2.
+    - References:
+      + CVE-2006-2369
+  * Various fixes to fix FTBFSes on Edgy:
+    + debian/control: Fix Build-Depends.
+    + debian/rules: Fix bashisms.
+    + debian/patches/xorg-vnc-debian.patch: Modify to remove deprecated include
+      of asm/kbio.h, in lnx_{kbd,io}.c, fixes FTBFS on sparc.
+
+ -- William Grant <william.grant@ubuntu.org.au>  Sat,  6 Jan 2007 14:26:18 +1100
+
 vnc4 (4.1.1+xorg1.0.2-0ubuntu1) dapper; urgency=low
 
   * Reupload 4.1.1-0ubuntu4 as 4.1.1+xorg1.0.2-0ubuntu1; the former
diff -u vnc4-4.1.1+xorg1.0.2/debian/rules vnc4-4.1.1+xorg1.0.2/debian/rules
--- vnc4-4.1.1+xorg1.0.2/debian/rules
+++ vnc4-4.1.1+xorg1.0.2/debian/rules
@@ -62,13 +62,16 @@
 	cd unix && ln -s ../xorg-server-1.0.2 xorg-server-1.0.2
 	cp -a unix/xc/programs/Xserver/vnc/Xvnc/xvnc.cc \
 		unix/xc/programs/Xserver/Xvnc.man \
-		unix/xc/programs/Xserver/vnc/*.{h,cc} \
+		unix/xc/programs/Xserver/vnc/*.h \
+		unix/xc/programs/Xserver/vnc/*.cc \
 		xorg-server-*/hw/vnc/
-	cp -a xorg-server-*/{cfb/cfb.h,hw/vnc}
-	cp -a xorg-server-*/{fb/fb.h,hw/vnc}
-	cp -a xorg-server-*/{fb/fbrop.h,hw/vnc}
+	cp -a xorg-server-*/cfb/cfb.h xorg-server-*/hw/vnc
+	cp -a xorg-server-*/fb/fb.h xorg-server-*/hw/vnc
+	cp -a xorg-server-*/fb/fbrop.h xorg-server-*/hw/vnc
 	sed -i -e 's,xor,c_xor,' -e 's,and,c_and,' \
-		xorg-server-*/hw/vnc/{cfb,fb,fbrop}.h
+		xorg-server-*/hw/vnc/cfb.h \
+		xorg-server-*/hw/vnc/fb.h \
+		xorg-server-*/hw/vnc/fbrop.h
 	cd xorg-server && automake-1.9
 	cd xorg-server && autoconf
 	cd xorg-server && ./configure \
only in patch2:
unchanged:
--- vnc4-4.1.1+xorg1.0.2.orig/common/rfb/SConnection.cxx
+++ vnc4-4.1.1+xorg1.0.2/common/rfb/SConnection.cxx
@@ -178,6 +178,16 @@
 {
   vlog.debug("processing security type message");
   int secType = is->readU8();
+
+  // Verify that the requested security type should be offered
+  std::list<rdr::U8> secTypes;
+  std::list<rdr::U8>::iterator i;
+  securityFactory->getSecTypes(&secTypes, reverseConnection);
+  for (i=secTypes.begin(); i!=secTypes.end(); i++)
+    if (*i == secType) break;
+  if (i == secTypes.end())
+    throw Exception("Requested security type not available");
+
   vlog.info("Client requests security type %s(%d)",
             secTypeName(secType),secType);