diff --git a/debian/changelog b/debian/changelog
index 6fe5bf578631aace46f3bd5e150f8662d48864fe..c1e16b0b61500adddc194530c5b3f7de74766243 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libvncserver (0.9.12+dfsg-9) unstable; urgency=medium
+
+ * Bump Standards-Version: to 4.5.0. No changes needed.
+ * debian/patches:
+ + Add CVE-2019-15690/0001-heap-buffer-overflow.patch. (Closes: #954163).
+
+ -- Antoni Villalonga Sat, 21 Mar 2020 12:51:24 +0100
+
 libvncserver (0.9.12+dfsg-8) unstable; urgency=medium
 
 * debian/changelog:
diff --git a/debian/control b/debian/control
index b411808b29b8a888d91ebcfe3de8a090feb8315d..7486860e9db33cee24af0956d8fdc5951615eae5 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,7 @@ Build-Depends: cmake (>= 3.4),
 libgcrypt20-dev,
 libsasl2-dev,
 zlib1g-dev
-Standards-Version: 4.4.1
+Standards-Version: 4.5.0
 Rules-Requires-Root: no
 Homepage: http://libvnc.github.io
 Vcs-Git: https://salsa.debian.org/debian-remote-team/libvncserver.git
diff --git a/debian/patches/CVE-2019-15690/0001-heap-buffer-overflow.patch b/debian/patches/CVE-2019-15690/0001-heap-buffer-overflow.patch
new file mode 100644
index 0000000000000000000000000000000000000000..165f340246f8955bf937ea4f487447c64074a2dd
--- /dev/null
+++ b/debian/patches/CVE-2019-15690/0001-heap-buffer-overflow.patch
@@ -0,0 +1,34 @@
+Commit: 54220248886b5001fbbb9fa73c4e1a2cb9413fed
+Author: Christian Beier
+Date: Sun Nov 17 17:18:35 2019 +0100
+
+ libvncclient/cursor: limit width/height input values
+
+ Avoids a possible heap overflow reported by Pavel Cheremushkin
+ .
+
+ re #275
+
+diff --git a/libvncclient/cursor.c b/libvncclient/cursor.c
+index 67f4572..40ffb3b 100644
+--- a/libvncclient/cursor.c
++++ b/libvncclient/cursor.c
+@@ -28,6 +28,8 @@
+ #define OPER_SAVE 0
+ #define OPER_RESTORE 1
+
++#define MAX_CURSOR_SIZE 1024
++
+ #define RGB24_TO_PIXEL(bpp,r,g,b) \
+ ((((uint##bpp##_t)(r) & 0xFF) * client->format.redMax + 127) / 255 \
+ << client->format.redShift | \
+@@ -54,6 +56,9 @@ rfbBool HandleCursorShape(rfbClient* client,int xhot, int yhot, int width, int h
+ if (width * height == 0)
+ return TRUE;
+
++ if (width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE)
++ return FALSE;
++
+ /* Allocate memory for pixel data and temporary mask data. */
+ if(client->rcSource)
+ free(client->rcSource);
diff --git a/debian/patches/series b/debian/patches/series
index 1012616dccfc0497f91b0f34948587ca6dce5a1a..5fe254cf9aa61087ff01f8b1b34171b9d8008b0b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ CVE-2019-15681/0001-rfbserver-don-t-leak-stack-memory-to-the-remote.patch
 0003_rfbserver-dont-close-fd-0-accidentally.patch
 0004_avoid-pthread-join-if-backgroundLoop-is-FALSE.patch
 0005_LibVNCCient-fix-regression-in-tight-raw-decoding.patch
+CVE-2019-15690/0001-heap-buffer-overflow.patch
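Review bot: In the HandleCursorShape hunk of the added patch, the new size guard is placed after `if (width * height == 0)`, so the product is still computed on unbounded `int` values. The guard also has no lower bound, so a negative width or height would pass it; whether any caller can supply such values is not visible here, since the function body and its callers lie outside the hunk. Moving the guard above the zero test and rejecting negatives would cover both: `if (width < 0 || height < 0 || width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE) return FALSE;`. Because `>=` makes MAX_CURSOR_SIZE an exclusive limit, the define would benefit from a comment such as `/* exclusive upper bound for server-supplied cursor width/height */`. As this is a backport of an upstream commit, any such change is best forwarded upstream rather than carried as a Debian-only delta.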