Package: ssvnc / 1.0.29-4+deb10u1

Metadata

Package Version Patches format
ssvnc 1.0.29-4+deb10u1 3.0 (quilt)

Patch series

Patch File delta Description
confusing_-h.patch

scripts/ssvnc | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 improve handling of -h[e[l[p]]]
 Catches -he and -hel as well, instead of letting wish print its usage 
 message (that sounds like an error message).
ultraftp_path.patch

vnc_unixsrc/vncviewer/argsresources.c | 31 2 + 29 - 0 !
1 file changed, 2 insertions(+), 29 deletions(-)

 use hardcoded (and correct for the debian package) path to ultraftp.jar
 if SSVNC_ULTRA_FTP_JAR is unset.


nostrip.patch

Makefile | 1 0 + 1 - 0 !
vncstorepw/Makefile | 2 0 + 2 - 0 !
2 files changed, 3 deletions(-)

 don't strip ssvncviewer; let dh_strip handle that (or not, depending on build options)


buildflags.patch

Makefile | 6 3 + 3 - 0 !
vncstorepw/Makefile | 2 1 + 1 - 0 !
2 files changed, 4 insertions(+), 4 deletions(-)

 pass cflags and ldflags to xmkmf-generated makefiles
 Pass CFLAGS and LDFLAGS through via ./Makefile as
 CDEBUGFLAGS and LOCAL_LDFLAGS to vnc_unixsrc/*/Makefile


format-security.patch

vnc_unixsrc/vncviewer/sockets.c | 16 8 + 8 - 0 !
vnc_unixsrc/vncviewer/vncviewer.c | 4 2 + 2 - 0 !
2 files changed, 10 insertions(+), 10 deletions(-)

 fix format-security warnings/errors
 Replaces fprintf(stderr, str) with fputs(str, stderr) (where str in
 most cases is argv[0]) and also one instance of sprintf (without
 format string) with snprintf (with format string).


openssl1.1.patch

vncstorepw/ultravnc_dsm_helper.c | 58 32 + 26 - 0 !
1 file changed, 32 insertions(+), 26 deletions(-)

---
auto-scale.patch

vnc_unixsrc/vncviewer/desktop.c | 60 26 + 34 - 0 !
1 file changed, 26 insertions(+), 34 deletions(-)

 make autoscaling work.
 1) Add a StructureNotifyMask event handler to be notified of window resizings,
    rather than checking for size changes twice every second in the Expose handler.
    Using the size of "form" seems to work best. Skip checking for pressed mouse
    buttons - those shouldn't matter in this situation, and the old code aborted
    if modifier keys were pressed or Caps Lock or Num Lock active.
 2) Avoid freaking out if the windows haven't been realized yet -
    instead use scale factor 1. This prevented setting -scale auto
    on the command line from working.
Bug: https://sourceforge.net/p/ssvnc/bugs/5/
Bug-Debian: https://bugs.debian.org/801804
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ssvnc/+bug/1312966


samemachine_ip6_overflow.patch

vnc_unixsrc/vncviewer/rfbproto.c | 4 2 + 2 - 0 !
vnc_unixsrc/vncviewer/sockets.c | 14 11 + 3 - 0 !
2 files changed, 13 insertions(+), 5 deletions(-)

 use a struct sockaddr_storage to retrieve local and peer addresses and compare according to address family.
 Also check if -rawlocal was specified before even checking whether the remote machine is the local one.
Bug-Debian: https://bugs.debian.org/774622


libvncclient_CVE-2018-20020.patch

vnc_unixsrc/vncviewer/corre.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cve-2018-20020
 heap out-of-bound write vulnerability inside structure in VNC client code that
 can result in remote code execution

libvncclient_CVE-2018-20021.patch

vnc_unixsrc/vncviewer/rfbproto.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cve-2018-20021
 CWE-835: Infinite loop vulnerability in VNC client code. The vulnerability allows
 an attacker to consume an excessive amount of resources like CPU and RAM

libvncclient_CVE-2018-20022.patch

vnc_unixsrc/vncviewer/rfbproto.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 cve-2018-20022
 multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC
 client code that allows an attacker to read stack memory and can be abused for
 information disclosure. Combined with another vulnerability, it can be used
 to leak stack memory layout and in bypassing ASLR

libvncclient_CVE-2018-20024.patch

vnc_unixsrc/vncviewer/zlib.c | 5 5 + 0 - 0 !
vnc_unixsrc/vncviewer/zrle.c | 6 6 + 0 - 0 !
2 files changed, 11 insertions(+)

 cve-2018-20024
 null pointer dereference in VNC client code that can result in DoS.