=== modified file 'debian/changelog'
--- debian/changelog 2017-12-09 22:44:41 +0000
+++ debian/changelog 2017-12-09 23:08:13 +0000
@@ -1,3 +1,12 @@
+brotli (0.3.0+dfsg-2ubuntu1) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: integer underflow in dec/decode.c (LP: #1737364)
+ - debian/patches/fix-integer-underflow.patch: upstream patch via Debian
+ - CVE-2016-1624
+ - CVE-2016-1968
+
+ -- Jeremy Bicha Sat, 09 Dec 2017 17:45:50 -0500
+
 brotli (0.3.0+dfsg-2) unstable; urgency=medium
 
 * d/copyright: update to MIT
=== modified file 'debian/control'
--- debian/control 2017-12-09 22:44:41 +0000
+++ debian/control 2017-12-09 22:45:56 +0000
@@ -1,7 +1,8 @@
 Source: brotli
 Section: python
 Priority: optional
-Maintainer: Tomasz Buchert
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Tomasz Buchert
 Build-Depends: debhelper (>= 9),
 dh-python,
 python,
=== added directory 'debian/patches'
=== added file 'debian/patches/fix-integer-underflow.patch'
--- debian/patches/fix-integer-underflow.patch 1970-01-01 00:00:00 +0000
+++ debian/patches/fix-integer-underflow.patch 2016-03-27 06:46:28 +0000
@@ -0,0 +1,19 @@
+Description: Fix integer underflow
+ Fixes for CVE-2016-1968 and CVE-2016-1624
+Origin: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
+Bug-Debian: https://bugs.debian.org/817233
+Index: brotli-0.3.0+dfsg/dec/decode.c
+===================================================================
+--- brotli-0.3.0+dfsg.orig/dec/decode.c 2015-12-22 08:28:21.000000000 -0800
++++ brotli-0.3.0+dfsg/dec/decode.c 2016-03-14 08:46:10.635050201 -0700
+@@ -1688,6 +1688,10 @@
+ } else {
+ const uint8_t *ringbuffer_end_minus_copy_length =
+ s->ringbuffer_end - i;
++ /* Check for possible underflow and clamp the pointer to 0. */
++ if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
++ ringbuffer_end_minus_copy_length = 0;
++ }
+ uint8_t* copy_src = &s->ringbuffer[
+ (pos - s->distance_code) & s->ringbuffer_mask];
+ uint8_t* copy_dst = &s->ringbuffer[pos];
=== added file 'debian/patches/series'
--- debian/patches/series 1970-01-01 00:00:00 +0000
+++ debian/patches/series 2016-03-27 06:46:28 +0000
@@ -0,0 +1,1 @@
+fix-integer-underflow.patch
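Review bot: The clamp in the embedded dec/decode.c hunk is evaluated only after `s->ringbuffer_end - i` has already been computed, and the guard itself builds a pointer from `(const uint8_t*)0 + i`; out-of-range pointer arithmetic is undefined behaviour in C, so an optimizing compiler is entitled to fold the comparison to false and drop the clamp, leaving the underflow this security update targets present in the built binary. Doing the check before the subtraction and in integer space keeps the upstream intent without that dependency: `const uint8_t *ringbuffer_end_minus_copy_length =` / `    ((uintptr_t)s->ringbuffer_end >= (uintptr_t)i) ? s->ringbuffer_end - i : 0;` (a negative `i`, if its type permits one, still clamps to 0; `uintptr_t` needs <stdint.h>, which the existing `uint8_t` use suggests is already included). The DEP-3 header could also carry `Last-Update:` and `Applied-Upstream:` next to the `Origin:` commit so the backport's provenance is machine-checkable. The enclosing function and the later consumer of `ringbuffer_end_minus_copy_length` (presumably a comparison against `copy_src`) lie outside the hunk, so I could not confirm that a null clamp is handled correctly downstream.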