diff -u amule-2.2.4/debian/changelog amule-2.2.4/debian/changelog
--- amule-2.2.4/debian/changelog
+++ amule-2.2.4/debian/changelog
@@ -1,3 +1,10 @@
+amule (2.2.4-1ubuntu1.1) jaunty-security; urgency=low
+
+ * Security Update (LP: #396807)
+ * add debian/patches/CVE-2009-1440.patch to fix possible code execution
+
+ -- Andreas Moog Wed, 08 Jul 2009 01:59:01 +0200
+
 amule (2.2.4-1ubuntu1) jaunty; urgency=low

 * Merge from debian unstable (LP: #355046), remaining changes:
diff -u amule-2.2.4/debian/patches/series amule-2.2.4/debian/patches/series
--- amule-2.2.4/debian/patches/series
+++ amule-2.2.4/debian/patches/series
@@ -3,0 +4 @@
+CVE-2009-1440.patch
only in patch2:
unchanged:
--- amule-2.2.4.orig/debian/patches/CVE-2009-1440.patch
+++ amule-2.2.4/debian/patches/CVE-2009-1440.patch
@@ -0,0 +1,16 @@
+Index: amule-2.2.4/src/DownloadListCtrl.cpp
+===================================================================
+--- amule-2.2.4.orig/src/DownloadListCtrl.cpp 2009-07-08 01:58:13.986653298 +0200
++++ amule-2.2.4/src/DownloadListCtrl.cpp 2009-07-08 01:58:23.294653170 +0200
+@@ -2295,6 +2295,11 @@
+ // This is a complete file
+ // FIXME: This is probably not going to work if the filenames are mangled ...
+ wxString rawFileName = file->GetFullName().GetRaw();
++
++#ifndef __WXMSW__
++ rawFileName.Replace(QUOTE, wxT("\\") QUOTE);
++#endif
++
+ if (!command.Replace(wxT("$file"), rawFileName)) {
+ // No magic string, so we just append the filename to the player command
+ // Need to use quotes in case filename contains spaces
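Review bot: The escaping added in debian/patches/CVE-2009-1440.patch rewrites only QUOTE in rawFileName, so a backslash already present in a peer-supplied file name is left untouched and can combine with the inserted one, leaving the following quote unescaped again. Escaping backslashes first would close that gap, e.g. `rawFileName.Replace(wxT("\\"), wxT("\\\\"));` placed ahead of the QUOTE replacement. Whether this is sufficient depends on how `command` is later tokenised and launched, which lies outside the hunk, as do the start and end of the enclosing function. In the `$file` branch the name lands wherever the user's template puts it, quoted or not, so passing the file name as a separate argv element instead of splicing it into a command string would be the sturdier fix. The `#ifndef __WXMSW__` guard also needs a comment on why Windows builds are left unescaped, something like `// Windows command lines do not treat backslash-quote the same way; handled separately`, once that reason is confirmed.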