diff -u bind9-9.5.0.dfsg.P2/debian/changelog bind9-9.5.0.dfsg.P2/debian/changelog
--- bind9-9.5.0.dfsg.P2/debian/changelog
+++ bind9-9.5.0.dfsg.P2/debian/changelog
@@ -1,3 +1,13 @@
+bind9 (1:9.5.0.dfsg.P2-5.1ubuntu1) jaunty; urgency=low
+
+  * Merge from debian unstable, remaining changes: LP: #315711
+    - update lib/dns/openssldsa_link.c to properly check the return code of
+      DSA_do_verify()
+    - CVE-2009-0025
+  * Update Maintainer field as per spec.
+
+ -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 10 Jan 2009 12:03:19 +0530
+
 bind9 (1:9.5.0.dfsg.P2-5.1) unstable; urgency=low
 
   * Non-maintainer upload.
@@ -9,6 +19,16 @@
 
  -- Ben Hutchings <ben@decadent.org.uk>  Fri, 02 Jan 2009 16:51:42 +0000
 
+bind9 (1:9.5.0.dfsg.P2-5ubuntu1) jaunty; urgency=low
+
+  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
+    server DSA and ECDSA certificates.
+    - update lib/dns/openssldsa_link.c to properly check the return code of
+      DSA_do_verify()
+    - CVE-2009-0025
+
+ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 07 Jan 2009 17:05:49 -0600
+
 bind9 (1:9.5.0.dfsg.P2-5) unstable; urgency=low
 
   [ISC]
diff -u bind9-9.5.0.dfsg.P2/debian/control bind9-9.5.0.dfsg.P2/debian/control
--- bind9-9.5.0.dfsg.P2/debian/control
+++ bind9-9.5.0.dfsg.P2/debian/control
@@ -1,7 +1,8 @@
 Source: bind9
 Section: net
 Priority: optional
-Maintainer: LaMont Jones <lamont@debian.org>
+Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: LaMont Jones <lamont@debian.org>
 Uploaders: Bdale Garbee <bdale@gag.com>
 Build-Depends: libkrb5-dev, debhelper (>= 5), libssl-dev, libtool, bison, libdb-dev, libldap2-dev, libxml2-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], hardening-wrapper
 Standards-Version: 3.7.2.0
only in patch2:
unchanged:
--- bind9-9.5.0.dfsg.P2.orig/lib/dns/openssldsa_link.c
+++ bind9-9.5.0.dfsg.P2/lib/dns/openssldsa_link.c
@@ -146,7 +146,7 @@
 
 	status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
 	DSA_SIG_free(dsasig);
-	if (status == 0)
+	if (status <= 0)
 		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
 
 	return (ISC_R_SUCCESS);