diff -Nru qemu-2.0.0+dfsg/debian/changelog qemu-2.0.0+dfsg/debian/changelog
--- qemu-2.0.0+dfsg/debian/changelog 2015-08-05 16:28:15.000000000 +0200
+++ qemu-2.0.0+dfsg/debian/changelog 2015-08-17 11:45:04.000000000 +0200
@@ -1,3 +1,10 @@
+qemu (2.0.0+dfsg-2ubuntu1.17) trusty; urgency=medium
+
+ * qemu-nbd-fix-vdi-corruption.patch:
+ qemu-nbd: fix corruption while writing VDI volumes (LP: #1471836)
+
+ -- Pierre Schweitzer Mon, 17 Aug 2015 11:43:39 +0200
+
 qemu (2.0.0+dfsg-2ubuntu1.16) trusty; urgency=medium
 
 * Support qemu-kvm on x32, arm64, ppc64 and pp64el architectures
diff -Nru qemu-2.0.0+dfsg/debian/patches/qemu-nbd-fix-vdi-corruption.patch qemu-2.0.0+dfsg/debian/patches/qemu-nbd-fix-vdi-corruption.patch
--- qemu-2.0.0+dfsg/debian/patches/qemu-nbd-fix-vdi-corruption.patch 1970-01-01 01:00:00.000000000 +0100
+++ qemu-2.0.0+dfsg/debian/patches/qemu-nbd-fix-vdi-corruption.patch 2015-08-19 07:48:34.000000000 +0200
@@ -0,0 +1,86 @@
+From f0ab6f109630940146cbaf47d0cd99993ddba824 Mon Sep 17 00:00:00 2001
+From: Max Reitz
+Date: Fri, 27 Feb 2015 14:54:39 -0500
+Subject: [PATCH 1/1] block/vdi: Add locking for parallel requests
+Origin: backport, http://git.qemu.org/?p=qemu.git;a=commit;h=f0ab6f109630940146cbaf47d0cd99993ddba824
+Bug: https://bugs.launchpad.net/qemu/+bug/1422307
+
+When allocating a new cluster, the first write to it must be the one
+doing the allocation, because that one pads its write request to the
+cluster size; if another write to that cluster is executed before it,
+that write will be overwritten due to the padding.
+
+See https://bugs.launchpad.net/qemu/+bug/1422307 for what can go wrong
+without this patch.
+
+Cc: qemu-stable
+Signed-off-by: Max Reitz
+Reviewed-by: Stefan Hajnoczi
+Reviewed-by: Paolo Bonzini
+Signed-off-by: Kevin Wolf
+---
+ block/vdi.c | 25 +++++++++++++++++++++++++
+ 1 files changed, 25 insertions(+), 0 deletions(-)
+
+Index: qemu-2.0.0+dfsg/block/vdi.c
+===================================================================
+--- qemu-2.0.0+dfsg.orig/block/vdi.c 2015-08-18 23:04:27.817046941 +0200
++++ qemu-2.0.0+dfsg/block/vdi.c 2015-08-18 23:04:27.813046920 +0200
+@@ -53,6 +53,7 @@
+ #include "block/block_int.h"
+ #include "qemu/module.h"
+ #include "migration/migration.h"
++#include "block/coroutine.h"
+
+ #if defined(CONFIG_UUID)
+ #include
+@@ -184,6 +185,8 @@
+ /* VDI header (converted to host endianness). */
+ VdiHeader header;
+
++ CoMutex write_lock;
++
+ Error *migration_blocker;
+ } BDRVVdiState;
+
+@@ -483,6 +486,8 @@
+ "vdi", bs->device_name, "live migration");
+ migrate_add_blocker(s->migration_blocker);
+
++ qemu_co_mutex_init(&s->write_lock);
++
+ return 0;
+
+ fail_free_bmap:
+@@ -618,11 +623,31 @@
+ buf, n_sectors * SECTOR_SIZE);
+ memset(block + (sector_in_block + n_sectors) * SECTOR_SIZE, 0,
+ (s->block_sectors - n_sectors - sector_in_block) * SECTOR_SIZE);
++
++ /* Note that this coroutine does not yield anywhere from reading the
++ * bmap entry until here, so in regards to all the coroutines trying
++ * to write to this cluster, the one doing the allocation will
++ * always be the first to try to acquire the lock.
++ * Therefore, it is also the first that will actually be able to
++ * acquire the lock and thus the padded cluster is written before
++ * the other coroutines can write to the affected area. */
++ qemu_co_mutex_lock(&s->write_lock);
+ ret = bdrv_write(bs->file, offset, block, s->block_sectors);
++ qemu_co_mutex_unlock(&s->write_lock);
+ } else {
+ uint64_t offset = s->header.offset_data / SECTOR_SIZE +
+ (uint64_t)bmap_entry * s->block_sectors +
+ sector_in_block;
++ qemu_co_mutex_lock(&s->write_lock);
++ /* This lock is only used to make sure the following write operation
++ * is executed after the write issued by the coroutine allocating
++ * this cluster, therefore we do not need to keep it locked.
++ * As stated above, the allocating coroutine will always try to lock
++ * the mutex before all the other concurrent accesses to that
++ * cluster, therefore at this point we can be absolutely certain
++ * that that write operation has returned (there may be other writes
++ * in flight, but they do not concern this very operation). */
++ qemu_co_mutex_unlock(&s->write_lock);
+ ret = bdrv_write(bs->file, offset, buf, n_sectors);
+ }
+
diff -Nru qemu-2.0.0+dfsg/debian/patches/series qemu-2.0.0+dfsg/debian/patches/series
--- qemu-2.0.0+dfsg/debian/patches/series 2015-07-27 20:23:02.000000000 +0200
+++ qemu-2.0.0+dfsg/debian/patches/series 2015-08-17 11:41:49.000000000 +0200
@@ -63,3 +63,4 @@
 ubuntu/add-machine-type-pc-i440fx-1.5-qemu-kvm-for-live-migrate.patch
 CVE-2015-3214.patch
 CVE-2015-5154.patch
+qemu-nbd-fix-vdi-corruption.patch
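Review bot: The ordering the new locking depends on — that the writing coroutine does not yield between reading the bmap entry and the `qemu_co_mutex_lock(&s->write_lock)` added in the allocation branch — is stated only in the comment inside that branch, while the bmap read it refers to and the enclosing write function (presumably vdi_co_write; it starts and ends outside this hunk) are not in the hunk, so nothing marks the read site as a place where a yielding call must not be inserted. A one-line comment at the bmap read, e.g. `/* must not yield from here until write_lock is taken below; see the allocation comment */`, would keep the invariant visible where a future change is most likely to break it. Separately, the patch's DEP-3 header carries `Bug: https://bugs.launchpad.net/qemu/+bug/1422307` while the changelog closes LP: #1471836; adding `Bug-Ubuntu: https://bugs.launchpad.net/bugs/1471836` would tie the backport to the distribution bug it is shipped for.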