diff -u qemu-kvm-0.11.0/debian/changelog qemu-kvm-0.11.0/debian/changelog
--- qemu-kvm-0.11.0/debian/changelog
+++ qemu-kvm-0.11.0/debian/changelog
@@ -1,3 +1,14 @@
+qemu-kvm (0.11.0-0ubuntu6.4) karmic-security; urgency=low
+
+ [ Neil Wilson ]
+ * SECURITY UPDATE: Setting VNC password to empty string silently
+ disables all authentication (LP: #697197)
+ - debian/patches/697197-fix-vnc-password-semantics.patch: Reverses the
+ change introduced in Qemu by git commit 52c18be9
+ - CVE-2011-0011
+
+ -- Dustin Kirkland Fri, 11 Feb 2011 17:46:26 -0600
+
 qemu-kvm (0.11.0-0ubuntu6.3) karmic-security; urgency=low
 
 * SECURITY UPDATE: linux <= 2.6.25 guests (e.g. hardy) with virtio
diff -u qemu-kvm-0.11.0/debian/patches/series qemu-kvm-0.11.0/debian/patches/series
--- qemu-kvm-0.11.0/debian/patches/series
+++ qemu-kvm-0.11.0/debian/patches/series
@@ -10,0 +11 @@
+697197-fix-vnc-password-semantics.patch
only in patch2:
unchanged:
--- qemu-kvm-0.11.0.orig/debian/patches/697197-fix-vnc-password-semantics.patch
+++ qemu-kvm-0.11.0/debian/patches/697197-fix-vnc-password-semantics.patch
@@ -0,0 +1,17 @@
+## Description: Stop 'change password' switching off VNC authentication
+## Author: Neil Wilson
+## Bug: http://launchpad.net/bugs/697197
+--- a/vnc.c
++++ b/vnc.c
+@@ -2461,11 +2461,6 @@
+ if (password && password[0]) {
+ if (!(vs->password = qemu_strdup(password)))
+ return -1;
+- if (vs->auth == VNC_AUTH_NONE) {
+- vs->auth = VNC_AUTH_VNC;
+- }
+- } else {
+- vs->auth = VNC_AUTH_NONE;
+ }
+
+ return 0;
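Review bot: In the embedded vnc.c hunk, a non-empty password is now stored and 0 is returned even when `vs->auth` is still `VNC_AUTH_NONE`, so an operator who sets a password on a display started without authentication gets a success result while the display presumably stays unauthenticated. Nothing in the visible new code ties the stored password to the auth mode; consider rejecting the call up front, e.g. `if (vs->auth == VNC_AUTH_NONE) return -1;`, and confirming that the monitor caller reports that failure to the user. A short comment above the `if`, such as `/* never change vs->auth here: an empty password must not downgrade authentication (CVE-2011-0011) */`, would help keep the reverted behaviour from being reintroduced. The function begins before the hunk, so how an empty or cleared password is treated at login time cannot be confirmed from these lines.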