diff -Nru bip-0.8.8/debian/changelog bip-0.8.8/debian/changelog
--- bip-0.8.8/debian/changelog	2012-01-24 17:57:59.000000000 -0600
+++ bip-0.8.8/debian/changelog	2013-11-08 10:58:19.000000000 -0600
@@ -1,3 +1,10 @@
+bip (0.8.8-2ubuntu1) raring; urgency=low
+
+  * Failed SSL handshake causes bip to write to a random socket, and never close
+    the connection.  Upsteam commit df45c4c2. (BIP #261) (LP: #1247888). 
+
+ -- Dave Chiluk <chiluk@canonical.com>  Fri, 08 Nov 2013 10:57:55 -0600
+
 bip (0.8.8-2) unstable; urgency=high
 
   * Fix CVE-2012-0806: buffer overflow.
diff -Nru bip-0.8.8/debian/patches/series bip-0.8.8/debian/patches/series
--- bip-0.8.8/debian/patches/series	2012-01-24 17:56:25.000000000 -0600
+++ bip-0.8.8/debian/patches/series	2013-11-08 10:57:26.000000000 -0600
@@ -1 +1,2 @@
 CVE-2012-0806.patch
+sslfailurefdleak.patch
diff -Nru bip-0.8.8/debian/patches/sslfailurefdleak.patch bip-0.8.8/debian/patches/sslfailurefdleak.patch
--- bip-0.8.8/debian/patches/sslfailurefdleak.patch	1969-12-31 18:00:00.000000000 -0600
+++ bip-0.8.8/debian/patches/sslfailurefdleak.patch	2013-11-08 10:57:26.000000000 -0600
@@ -0,0 +1,38 @@
+Description: Failed SSL Connection causes FD leak and crash
+   Failed SSL handshake causes bip to write to a random socket, and never close
+   the connection.  Upsteam commit df45c4c2. (BIP #261) (LP: #1247888).
+
+Origin: upstream, https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c/diff/src/connection.c
+Author: Dave Chiluk <chiluk@canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1247888
+Bug: https://projects.duckcorp.org/issues/261
+
+Index: bip-0.8.8/src/connection.c
+===================================================================
+--- bip-0.8.8.orig/src/connection.c	2013-11-07 14:54:57.000000000 -0600
++++ bip-0.8.8/src/connection.c	2013-11-07 14:54:57.000000000 -0600
+@@ -21,6 +21,7 @@
+ static int ssl_initialized = 0;
+ static SSL_CTX *sslctx = NULL;
+ static int ssl_cx_idx;
++extern FILE *conf_global_log_file;
+ static BIO *errbio = NULL;
+ extern char *conf_ssl_certfile;
+ static int SSLize(connection_t *cn, int *nc);
+@@ -1232,7 +1233,7 @@
+ 	if (!ssl_initialized) {
+ 		SSL_library_init();
+ 		SSL_load_error_strings();
+-		errbio = BIO_new_fp(stderr,BIO_NOCLOSE);
++		errbio = BIO_new_fp(conf_global_log_file,BIO_NOCLOSE);
+ 
+ 		ssl_cx_idx = SSL_get_ex_new_index(0, "bip connection_t",
+ 			NULL, NULL,NULL);
+@@ -1427,6 +1428,7 @@
+ 	/* From now on, we are on error, thus we return 1 to check timeout */
+ 	if (err2 == SSL_ERROR_ZERO_RETURN || err2 == SSL_ERROR_SSL) {
+ 		mylog(LOG_ERROR, "Error in SSL handshake.");
++		connection_close(cn);
+ 		cn->connected = CONN_ERROR;
+ 		return 1;
+ 	}