See bug #136916 for further details.
vino's auth.c is completely different from the one pointed to in #136916 . It may be a much older version. The patch doesn't apply at all.
Would you prefer audit take a look at it or can you figure out whether the vulnerability is already in there?
if audit team could take a look that would be great.
Setting to Auditing for a confirmation.
i've browsed the code and i think it doesn't use the affected code.
security perhaps we can close this bug ?
I've looked the code and I agree with Falco, the version included doesn't seem vulnerable, so closing as INVALID. Feel free to reopen if you disagree.