diff -u unbound-1.4.1/debian/changelog unbound-1.4.1/debian/changelog
--- unbound-1.4.1/debian/changelog
+++ unbound-1.4.1/debian/changelog
@@ -1,3 +1,11 @@
+unbound (1.4.1-2ubuntu0.1) lucid-security; urgency=low
+
+  * SECURITY UPDATE:
+  * References: CVE 2011-1922 (LP: #788818)
+  * Add debian/patches/30_cve2011-1922 backported from 1.4.10
+
+ -- Scott Kitterman <scott@kitterman.com>  Sat, 28 May 2011 08:46:36 -0400
+
 unbound (1.4.1-2) unstable; urgency=low
 
   * Invoke dh_installinit with --restart-after-upgrade; closes: #563033.
diff -u unbound-1.4.1/debian/patches/series unbound-1.4.1/debian/patches/series
--- unbound-1.4.1/debian/patches/series
+++ unbound-1.4.1/debian/patches/series
@@ -1,2 +1,3 @@
 20_example_conf_default_chroot
+30_cve2011-1922
 10_libev_library
only in patch2:
unchanged:
--- unbound-1.4.1.orig/debian/patches/30_cve2011-1922
+++ unbound-1.4.1/debian/patches/30_cve2011-1922
@@ -0,0 +1,13 @@
+Backport from upstream fix in 1.4.10
+Index: unbound-1.4.1/daemon/worker.c
+===================================================================
+--- unbound-1.4.1.orig/daemon/worker.c	2011-05-28 08:45:41.222081931 -0400
++++ unbound-1.4.1/daemon/worker.c	2011-05-28 08:45:50.850081925 -0400
+@@ -743,6 +743,7 @@
+ 		qinfo.qtype == LDNS_RR_TYPE_IXFR) {
+ 		verbose(VERB_ALGO, "worker request: refused zone transfer.");
+ 		log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
++		ldns_buffer_rewind(c->buffer);
+ 		LDNS_QR_SET(ldns_buffer_begin(c->buffer));
+ 		LDNS_RCODE_SET(ldns_buffer_begin(c->buffer), 
+ 			LDNS_RCODE_REFUSED);