Updated novnc package fixes security vulnerability:
noVNC before 0.5.1 allows an attacker to steal insecurely set session token cookies, hijacking active or inactive VNC sessions (CVE-2013-7436).
{ "section": "core" }