diff -u autokey-0.54.5/debian/changelog autokey-0.54.5/debian/changelog
--- autokey-0.54.5/debian/changelog
+++ autokey-0.54.5/debian/changelog
@@ -1,3 +1,13 @@
+autokey (0.54.5-1ubuntu0.3) karmic-security; urgency=low
+
+ * SECURITY UPDATE: arbitrary file overwriting via symlinks (LP: #538471)
+ - Store files for the EvDev daamon in FHS-specified locations
+ - debian/autokey.init: Set pidfile path to '/var/run/autokey-daemon.pid'
+ - src/lib/interface.py: Set DOMAIN_SOCKET_PATH to "/var/run/autokey-daemon"
+ - CVE-2010-0398
+
+ -- Luke Faraone Sat, 13 Mar 2010 17:14:24 -0500
+
 autokey (0.54.5-1ubuntu0.2) karmic-proposed; urgency=low

 * Include simple-patchsys in debian/rules so prior patch is applied. (LP: #479131)
only in patch2:
unchanged:
--- autokey-0.54.5.orig/debian/autokey.init
+++ autokey-0.54.5/debian/autokey.init
@@ -23,7 +23,7 @@
 logFile = "/var/log/autokey-daemon.log"
 if os.path.exists(logFile):
 shutil.move(logFile, logFile + '.old')
- daemon.Daemon.__init__(self, '/tmp/autokey-daemon.pid', stdout=logFile, stderr=logFile)
+ daemon.Daemon.__init__(self, '/var/run/autokey-daemon.pid', stdout=logFile, stderr=logFile)

 def get_device_paths(self):
 keyboardLocations = glob.glob("/dev/input/by-path/*-event-kbd")
only in patch2:
unchanged:
--- autokey-0.54.5.orig/debian/patches/1001-sensible-pid-locations.patch
+++ autokey-0.54.5/debian/patches/1001-sensible-pid-locations.patch
@@ -0,0 +1,12 @@
+diff -Nur -x '*.orig' -x '*~' autokey-security/src/lib/interface.py autokey-security.new/src/lib/interface.py
+--- autokey-security/src/lib/interface.py 2010-03-13 17:05:53.000000000 -0500
++++ autokey-security.new/src/lib/interface.py 2010-03-13 17:09:56.831974364 -0500
+@@ -33,7 +33,7 @@
+ logger = logging.getLogger("interface")
+
+ # Misc
+-DOMAIN_SOCKET_PATH = "/tmp/autokey.daemon"
++DOMAIN_SOCKET_PATH = "/var/run/autokey-daemon"
+ PACKET_SIZE = 32
+
+ # Modifiers
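Review bot: In the debian/autokey.init hunk, the new pidfile path on the `daemon.Daemon.__init__` line is a bare literal, and nothing records why it must not sit in a world-writable directory, so a later cleanup could move it back. A one-line comment above the call would pin that, e.g. `# pidfile must live in a directory only root can write (CVE-2010-0398)`. The actual pidfile write happens inside `daemon.Daemon`, which is not part of this diff. If it uses a plain `open(path, 'w')`, the fix rests on directory permissions alone, and opening with `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o644)` would refuse a symlink at the final path component. The enclosing constructor starts above the hunk.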
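Review bot: In the 1001-sensible-pid-locations.patch hunk, the relocated `DOMAIN_SOCKET_PATH` still has no comment saying where the socket may live or who is expected to connect to it. The code that binds the socket is outside this hunk, so it is worth confirming what mode the socket gets after `bind()` and whether the daemon checks the connecting peer, since this change only prevents pre-creation of the path. I would add `# Must stay in a root-only directory; the daemon unlinks and binds this path` above the constant, assuming that is what the server side does. If debian/autokey.init or the daemon hard-codes the socket path rather than importing this constant, it needs the same change or client and server will disagree. The patch file name mentions pid locations, but the change it carries is the socket path.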