diff -u audit-1.5.4/debian/patches/series audit-1.5.4/debian/patches/series
--- audit-1.5.4/debian/patches/series
+++ audit-1.5.4/debian/patches/series
@@ -1,0 +2 @@
+CVE-2008-1628.patch
diff -u audit-1.5.4/debian/changelog audit-1.5.4/debian/changelog
--- audit-1.5.4/debian/changelog
+++ audit-1.5.4/debian/changelog
@@ -1,3 +1,16 @@
+audit (1.5.4-0ubuntu1.1) gutsy-security; urgency=low
+
+  * SECURITY UPDATE: (LP: #216117)
+   + debian/patches/CVE-2008-1628.patch
+    - Stack-based buffer overflow in the audit_log_user_command function in 
+      lib/audit_logging.c in Linux Audit before 1.7 might allow remote 
+      attackers to execute arbitrary code via a long command argument.
+  * References
+   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1628
+   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475227
+
+ -- Emanuele Gentili <emgent@emanuele-gentili.com>  Sat, 12 Apr 2008 23:52:13 +0200
+
 audit (1.5.4-0ubuntu1) gutsy; urgency=low
 
   * New upstream version.
only in patch2:
unchanged:
--- audit-1.5.4.orig/debian/patches/CVE-2008-1628.patch
+++ audit-1.5.4/debian/patches/CVE-2008-1628.patch
@@ -0,0 +1,16 @@
+Index: audit-1.5.4/lib/audit_logging.c
+===================================================================
+--- audit-1.5.4.orig/lib/audit_logging.c	2008-04-12 23:51:02.000000000 +0200
++++ audit-1.5.4/lib/audit_logging.c	2008-04-12 23:51:50.000000000 +0200
+@@ -652,7 +652,10 @@
+ 	}
+ 
+ 	p = cmd;
+-	strcpy(commname, cmd);
++	if (len >= PATH_MAX) {
++		cmd[PATH_MAX] = 0;
++		len = PATH_MAX-1;
++	}
+ 	while (*p) {
+ 		if (*p == '"' || *p < 0x21 || (unsigned)*p > 0x7f) {
+ 			_audit_c2x(commname, cmd, len);