diff -Nru x11vnc-0.9.13/debian/changelog x11vnc-0.9.13/debian/changelog
--- x11vnc-0.9.13/debian/changelog	2018-04-13 14:09:45.000000000 +0000
+++ x11vnc-0.9.13/debian/changelog	2018-05-07 20:13:43.000000000 +0000
@@ -1,3 +1,10 @@
+x11vnc (0.9.13-6) unstable; urgency=medium
+
+  * Add two buffer overflow fixes from upstream. Closes: #851496, #859213.
+    This is a temporary measure, new upstream should be package instead.
+
+ -- Nikita Yushchenko <yoush@debian.org>  Mon, 07 May 2018 23:13:43 +0300
+
 x11vnc (0.9.13-5) unstable; urgency=low
 
   * Split build and install into arch and indep parts (Closes: #895591).
diff -Nru x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch
--- x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch	1970-01-01 00:00:00.000000000 +0000
+++ x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch	2018-05-07 20:13:43.000000000 +0000
@@ -0,0 +1,11 @@
+--- a/x11vnc/xrecord.c
++++ b/x11vnc/xrecord.c
+@@ -964,7 +964,7 @@
+ 	data = (char *)req;
+ 	data += sz_xConfigureWindowReq;
+ 
+-	for (i=0; i<req->length; i++) {
++	for (i = 0; i < req->length - sz_xConfigureWindowReq / 4 && i < 4; i++) {
+ 		unsigned int v;
+ 		/*
+ 		 * We use unsigned int for the values.  There were
diff -Nru x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch
--- x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch	1970-01-01 00:00:00.000000000 +0000
+++ x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch	2018-05-07 20:13:43.000000000 +0000
@@ -0,0 +1,13 @@
+--- a/x11vnc/win_utils.c
++++ b/x11vnc/win_utils.c
+@@ -262,8 +262,8 @@
+ 	}
+ 
+ 	last_snap = now;
+-	if (num > stack_list_len + blackouts) {
+-		int n = 2*num;
++	if (num + stack_list_len > blackouts) {
++		int n = 2 * (num + blackouts);
+ 		free(stack_list);
+ 		stack_list = (winattr_t *) malloc(n*sizeof(winattr_t));
+ 		stack_list_len = n;
diff -Nru x11vnc-0.9.13/debian/patches/series x11vnc-0.9.13/debian/patches/series
--- x11vnc-0.9.13/debian/patches/series	2018-04-13 14:09:45.000000000 +0000
+++ x11vnc-0.9.13/debian/patches/series	2018-05-07 20:13:43.000000000 +0000
@@ -4,3 +4,5 @@
 do-not-run-dbus-launch.patch
 enforce-bash.patch
 java_target_source.patch
+fix-buffer-overflow-in-snapshot_stack_list.patch
+fix-buffer-overflow-in-record_CW.patch