diff -u clamav-0.91.2/debian/changelog clamav-0.91.2/debian/changelog
--- clamav-0.91.2/debian/changelog
+++ clamav-0.91.2/debian/changelog
@@ -1,3 +1,11 @@
+clamav (0.91.2-3ubuntu2.2) gutsy; urgency=low
+
+ * SECURITY UPDATE: Remote Attack
+ * [CVE-2007-6337] libclamav/nsis/bzlib_private.h
+ Unspecified vulnerability in the bzip2 decompression algorithm
+
+ -- Leonel Nunez Thu, 10 Jan 2008 10:36:03 -0700
+
 clamav (0.91.2-3ubuntu2.1) gutsy-security; urgency=low
 
 * SECURITY UPDATE: Remote code execution
diff -u clamav-0.91.2/debian/patches/00list clamav-0.91.2/debian/patches/00list
--- clamav-0.91.2/debian/patches/00list
+++ clamav-0.91.2/debian/patches/00list
@@ -7,0 +8 @@
+28_bzlib_private.h-CVE-2007-6337.dpatch
only in patch2:
unchanged:
--- clamav-0.91.2.orig/debian/patches/28_bzlib_private.h-CVE-2007-6337.dpatch
+++ clamav-0.91.2/debian/patches/28_bzlib_private.h-CVE-2007-6337.dpatch
@@ -0,0 +1,24 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 28_bzlib_private.h-CVE-2007-6337.dpatch by Leonel Nunez
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad clamav-0.91.2~/libclamav/nsis/bzlib_private.h clamav-0.91.2/libclamav/nsis/bzlib_private.h
+--- clamav-0.91.2~/libclamav/nsis/bzlib_private.h 2007-05-23 06:57:20.000000000 -0600
++++ clamav-0.91.2/libclamav/nsis/bzlib_private.h 2008-01-10 10:35:32.000000000 -0700
+@@ -422,11 +422,13 @@
+ /*-- Macros for decompression. --*/
+
+ #define BZ_GET_FAST(cccc) \
++ if (s->tPos >= s->blockSize100k * 100000) return True; \
+ s->tPos = s->tt[s->tPos]; \
+ cccc = (UChar)(s->tPos & 0xff); \
+ s->tPos >>= 8;
+
+ #define BZ_GET_FAST_C(cccc) \
++ if (c_tPos >= s->blockSize100k * 100000) return True; \
+ c_tPos = c_tt[c_tPos]; \
+ cccc = (UChar)(c_tPos & 0xff); \
+ c_tPos >>= 8;
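Review bot: The guard added to `BZ_GET_FAST` and `BZ_GET_FAST_C` hides a `return True` inside a macro, and the patch touches only the header. Nothing visible here shows that every function expanding these macros returns a boolean-like type, or that its callers treat `True` as corrupt input and stop decoding. That should be confirmed in the decompressor source, because otherwise the out-of-range index is caught but the error may be silently dropped. The comparison also relies on implicit conversion between the index and the product `s->blockSize100k * 100000`. If `tPos` is unsigned and `blockSize100k` is signed (their declarations are outside the hunk), an explicit form is easier to audit, e.g. `if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \`, assuming the header's `UInt32` typedef. The dpatch header still reads `## DP: No description.`; a line such as `## DP: Bounds-check tPos before indexing tt in BZ_GET_FAST/BZ_GET_FAST_C (CVE-2007-6337).` would record what the patch is for.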