diff -u clamav-0.88.4/debian/changelog clamav-0.88.4/debian/changelog
--- clamav-0.88.4/debian/changelog
+++ clamav-0.88.4/debian/changelog
@@ -1,3 +1,14 @@
+clamav (0.88.4-1ubuntu2.1) edgy-security; urgency=low
+
+ * SECURITY UPDATE: Fix a MIME decode bypass vulnerability.
+ * Add 'debian/patches/35_message_c_mimedecode_bypass.dpatch'
+ for the fix, taken from the difference of liblcamav/message.c
+ between this and the fixed version (0.88.7).
+ * References:
+ CVE 2006-6406.
+
+ -- Stefan Potyra Sat, 6 Jan 2007 04:56:52 +0100
+
 clamav (0.88.4-1ubuntu2) edgy; urgency=low

 * SECURITY UPDATE: multiple denial of service attacks in file processors.
diff -u clamav-0.88.4/debian/patches/00list clamav-0.88.4/debian/patches/00list
--- clamav-0.88.4/debian/patches/00list
+++ clamav-0.88.4/debian/patches/00list
@@ -10,0 +11 @@
+35_message_c_mimedecode_bypass.dpatch
only in patch2:
unchanged:
--- clamav-0.88.4.orig/debian/patches/35_message_c_mimedecode_bypass.dpatch
+++ clamav-0.88.4/debian/patches/35_message_c_mimedecode_bypass.dpatch
@@ -0,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 35_message_c_mimedecode_bypass.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad clamav-0.88.4~/libclamav/message.c clamav-0.88.4/libclamav/message.c
+--- clamav-0.88.4~/libclamav/message.c 2006-07-01 09:38:47.000000000 +0000
++++ clamav-0.88.4/libclamav/message.c 2007-01-06 03:16:13.000000000 +0000
+@@ -2027,6 +2027,7 @@
+
+ for(p1 = s; p1[0] != '\0'; p1++)
+ p1[0] = p1[1];
++ --s;
+ }
+ #else
+ for(; *s; s++) {
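Review bot: When the character being shifted out is the first one in the buffer, the added `--s;` in the embedded message.c hunk leaves `s` pointing one element before the array until the loop increment runs, which is undefined behaviour in C even though it works on common platforms. The enclosing loop header is outside the hunk, so this is inferred from the `#else` branch's `for(; *s; s++) {`; if the patched branch iterates the same way, dropping the increment from the `for` header and advancing with `else s++;` only when a character is kept avoids the decrement entirely. The `#else` branch is cut off after its first line, so it should be confirmed that it does not likewise skip the character that slides into the position of a removed one. A regression test with two adjacent characters that both get removed would pin the behaviour. The patch header still reads `## DP: No description.`; something like `## DP: Fix MIME decode bypass in libclamav/message.c (CVE-2006-6406).` would record why the patch exists.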