diff -u amule-2.2.0~svn20080218/debian/changelog amule-2.2.0~svn20080218/debian/changelog
--- amule-2.2.0~svn20080218/debian/changelog
+++ amule-2.2.0~svn20080218/debian/changelog
@@ -1,3 +1,16 @@
+amule (2.2.0~svn20080218-0ubuntu4.1) hardy-security; urgency=low
+
+  * SECURITY UPDATE: Incomplete escaping in filenames allows remote attackers
+    to conduct argument injection attacks into a command via a crafted
+    filename. (LP: #396807)
+    - src/DownloadListCtrl.cpp sanitises the downloaded filenames but does
+      not escape ticks in filenames correctly.
+    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
+    - Patch by Sam Hocevar
+    - CVE-2009-1440
+
+ -- Andreas Moog <amoog@ubuntu.com>  Wed, 08 Jul 2009 02:45:47 +0200
+
 amule (2.2.0~svn20080218-0ubuntu4) hardy; urgency=low
 
   * Fix Spanish translation bug, original patch from Festor Wailon Dacoba.
diff -u amule-2.2.0~svn20080218/debian/patches/series amule-2.2.0~svn20080218/debian/patches/series
--- amule-2.2.0~svn20080218/debian/patches/series
+++ amule-2.2.0~svn20080218/debian/patches/series
@@ -4,0 +5 @@
+CVE-2009-1440.patch
only in patch2:
unchanged:
--- amule-2.2.0~svn20080218.orig/debian/patches/CVE-2009-1440.patch
+++ amule-2.2.0~svn20080218/debian/patches/CVE-2009-1440.patch
@@ -0,0 +1,21 @@
+# Description: Fix for CVE-2009-1440, an attacker could inject arguments via crafted filenames
+# Ubuntu: https://bugs.edge.launchpad.net/bugs/396807
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
+# Upstream: http://www.amule.org/abugs/view.php?id=1515
+# Patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=34;filename=nmu.patch;att=1;bug=525078
+Index: amule-2.2.0~svn20080218/src/DownloadListCtrl.cpp
+===================================================================
+--- amule-2.2.0~svn20080218.orig/src/DownloadListCtrl.cpp	2008-02-17 12:43:53.000000000 +0100
++++ amule-2.2.0~svn20080218/src/DownloadListCtrl.cpp	2009-07-08 02:46:54.210651877 +0200
+@@ -2239,6 +2239,11 @@
+ 		// This is a complete file
+ 		// FIXME: This is probably not going to work if the filenames are mangled ...
+ 		wxString rawFileName = file->GetFullName().GetRaw();
++
++#ifndef __WXMSW__
++		rawFileName.Replace(QUOTE, wxT("\\") QUOTE);
++#endif
++
+ 		if (!command.Replace(wxT("$file"), rawFileName)) {
+ 			// No magic string, so we just append the filename to the player command
+ 			// Need to use quotes in case filename contains spaces