diff -u cfingerd-1.4.3/debian/changelog cfingerd-1.4.3/debian/changelog
--- cfingerd-1.4.3/debian/changelog
+++ cfingerd-1.4.3/debian/changelog
@@ -1,3 +1,10 @@
+cfingerd (1.4.3-3ubuntu1.1) precise; urgency=high
+
+  * SECURITY: fix buffer overflow in rfc1413 (ident) client
+    (LP: #1104425).
+
+ -- Malcolm Scott <debianpkg@malc.org.uk>  Thu, 24 Jan 2013 20:19:56 +0000
+
 cfingerd (1.4.3-3ubuntu1) maverick; urgency=low
 
   * Merge from debian unstable.  Remaining changes: LP: #600078
diff -u cfingerd-1.4.3/src/rfc1413.c cfingerd-1.4.3/src/rfc1413.c
--- cfingerd-1.4.3/src/rfc1413.c
+++ cfingerd-1.4.3/src/rfc1413.c
@@ -25,7 +25,9 @@
  * the implementation.  Completely rewritten by yours truly to be self-
  * contained in a single program.  Simple, easy to use.
  */
-#define BUFLEN	(2 * INET6_ADDRSTRLEN)
+#define UNAMELEN   64
+#define BUFLEN     UNAMELEN + INET6_ADDRSTRLEN + 2
+#define INPUTLEN   256
 char *get_rfc1413_data(struct sockaddr_storage * local_addr,
 			struct sockaddr_storage * peer_addr )
 {
@@ -34,7 +36,7 @@
     struct sockaddr_storage sin;
     struct sockaddr_in *sa4 = (struct sockaddr_in *) &sin;
     struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) &sin;
-    char buffer[1024], buf[BUFLEN], uname[64], *bleah;
+    char buffer[1024], buf[INPUTLEN], uname[UNAMELEN], *bleah;
     char *cp, *xp;
     struct servent *serv;