From da041a367f4036d4a90fb7c98a33e8defdd33891 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Mon, 18 Dec 2023 08:11:40 +0100
Subject: [PATCH] Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds
 memory reads/writes in XKB button actions Resolves: RHEL-18410

Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18422
---
 tigervnc.spec | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tigervnc.spec b/tigervnc.spec
index 3c35706..4dcff58 100644
--- a/tigervnc.spec
+++ b/tigervnc.spec
@@ -5,7 +5,7 @@
 
 Name:           tigervnc
 Version:        1.13.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A TigerVNC remote display system
 
 %global _hardened_build 1
@@ -344,6 +344,12 @@ fi
 %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
 
 %changelog
+* Mon Dec 18 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-5
+- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
+  Resolves: RHEL-18410
+- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
+  Resolves: RHEL-18422
+
 * Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4
 - Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
   Resolves: RHEL-15236