diff -u ekiga-2.0.3/debian/control.in ekiga-2.0.3/debian/control.in
--- ekiga-2.0.3/debian/control.in
+++ ekiga-2.0.3/debian/control.in
@@ -1,7 +1,8 @@
 Source: ekiga
 Section: gnome
 Priority: optional
-Maintainer: Kilian Krause <kilian@debian.org>
+Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Kilian Krause <kilian@debian.org>
 Uploaders: Jose Carlos Garcia Sogo <jsogo@debian.org>, @GNOME_TEAM@
 Build-Depends: debhelper (>= 4.1.34), gettext, libgnome2-dev, libldap2-dev, libpt-dev (>= 1.10.2), libopal-dev (>= 2.2.3), libgconf2-dev, libgnomeui-dev, libsdl1.2-dev, dpatch, autotools-dev, gnome-pkg-tools, scrollkeeper, automake1.7, intltool, libxml-parser-perl, evolution-data-server-dev, libebook1.2-dev, gnome-doc-utils, libavahi-client-dev (>= 0.6.0), libavahi-glib-dev (>= 0.6.0), liblaunchpad-integration-dev, sharutils
 Standards-Version: 3.6.2
diff -u ekiga-2.0.3/debian/control ekiga-2.0.3/debian/control
--- ekiga-2.0.3/debian/control
+++ ekiga-2.0.3/debian/control
@@ -1,8 +1,9 @@
 Source: ekiga
 Section: gnome
 Priority: optional
-Maintainer: Kilian Krause <kilian@debian.org>
-Uploaders: Jose Carlos Garcia Sogo <jsogo@debian.org>, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>, Andrew Lau <netsnipe@users.sourceforge.net>, Clément Stenac <zorglub@debian.org>, Dafydd Harries <daf@debian.org>, Guilherme de S. Pastore <gpastore@debian.org>, Gustavo Franco <stratus@debian.org>, Gustavo Noronha Silva <kov@debian.org>, J.H.M. Dassen (Ray) <jdassen@debian.org>, Jordi Mallach <jordi@debian.org>, Jose Carlos Garcia Sogo <jsogo@debian.org>, Josselin Mouette <joss@debian.org>, Loic Minier <lool@dooz.org>, Marc 'HE' Brockschmidt <he@debian.org>, Marco Cabizza <marco87@gmail.com>, Oystein Gisnas <oystein@gisnas.net>, Ondřej Surý <ondrej@debian.org>, Ross Burton <ross@debian.org>, Sebastien Bacher <seb128@debian.org>, Sjoerd Simons <sjoerd@debian.org>
+Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Kilian Krause <kilian@debian.org>
+Uploaders: Jose Carlos Garcia Sogo <jsogo@debian.org>, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>, Andrew Lau <netsnipe@users.sourceforge.net>, Clément Stenac <zorglub@debian.org>, Dafydd Harries <daf@debian.org>, Guilherme de S. Pastore <gpastore@debian.org>, Gustavo Franco <stratus@debian.org>, Gustavo Noronha Silva <kov@debian.org>, J.H.M. Dassen (Ray) <jdassen@debian.org>, Jordi Mallach <jordi@debian.org>, Jose Carlos Garcia Sogo <jsogo@debian.org>, Josselin Mouette <joss@debian.org>, Kilian Krause <kilian@debian.org>, Loic Minier <lool@dooz.org>, Marc 'HE' Brockschmidt <he@debian.org>, Marco Cabizza <marco87@gmail.com>, Oystein Gisnas <oystein@gisnas.net>, Ondřej Surý <ondrej@debian.org>, Ross Burton <ross@debian.org>, Sebastien Bacher <seb128@debian.org>, Sjoerd Simons <sjoerd@debian.org>
 Build-Depends: debhelper (>= 4.1.34), gettext, libgnome2-dev, libldap2-dev, libpt-dev (>= 1.10.2), libopal-dev (>= 2.2.3), libgconf2-dev, libgnomeui-dev, libsdl1.2-dev, dpatch, autotools-dev, gnome-pkg-tools, scrollkeeper, automake1.7, intltool, libxml-parser-perl, evolution-data-server-dev, libebook1.2-dev, gnome-doc-utils, libavahi-client-dev (>= 0.6.0), libavahi-glib-dev (>= 0.6.0), liblaunchpad-integration-dev, sharutils
 Standards-Version: 3.6.2
 
diff -u ekiga-2.0.3/debian/changelog ekiga-2.0.3/debian/changelog
--- ekiga-2.0.3/debian/changelog
+++ ekiga-2.0.3/debian/changelog
@@ -1,3 +1,12 @@
+ekiga (2.0.3-0ubuntu6) feisty; urgency=low
+
+  * SECURITY UPDATE: remote code execution via format string overflows.
+  * Added 'debian/patches/51_fix-format-strings.dpatch' upstream patch.
+  * References
+    CVE-2007-1006
+
+ -- Kees Cook <kees@ubuntu.com>  Wed, 21 Feb 2007 16:57:36 -0800
+
 ekiga (2.0.3-0ubuntu5) feisty; urgency=low
 
   * debian/control.in:
diff -u ekiga-2.0.3/debian/patches/00list ekiga-2.0.3/debian/patches/00list
--- ekiga-2.0.3/debian/patches/00list
+++ ekiga-2.0.3/debian/patches/00list
@@ -7,0 +8 @@
+51_fix-format-strings.dpatch
only in patch2:
unchanged:
--- ekiga-2.0.3.orig/debian/patches/51_fix-format-strings.dpatch
+++ ekiga-2.0.3/debian/patches/51_fix-format-strings.dpatch
@@ -0,0 +1,88 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 51_fix-format-strings.dpatch by Kees Cook <kees@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad ekiga-2.0.3~/src/endpoints/manager.cpp ekiga-2.0.3/src/endpoints/manager.cpp
+--- ekiga-2.0.3~/src/endpoints/manager.cpp	2006-08-29 12:23:34.000000000 -0700
++++ ekiga-2.0.3/src/endpoints/manager.cpp	2007-02-21 16:55:18.945627353 -0800
+@@ -660,7 +660,7 @@
+   gnomemeeting_threads_enter ();
+   msg = g_strdup_printf (_("Forwarding call to %s"),
+ 			 (const char*) forward_party);
+-  gm_main_window_flash_message (main_window, msg);
++  gm_main_window_flash_message (main_window, "%s", msg);
+   gm_history_window_insert (history_window, msg);
+   gnomemeeting_threads_leave ();
+   g_free (msg);
+@@ -814,7 +814,7 @@
+   /* Update the log and status bar */
+   msg = g_strdup_printf (_("Call from %s"), (const char *) utf8_name);
+   gnomemeeting_threads_enter ();
+-  gm_main_window_flash_message (main_window, msg);
++  gm_main_window_flash_message (main_window, "%s", msg);
+   gm_chat_window_push_info_message (chat_window, NULL, msg);
+   gm_history_window_insert (history_window, msg);
+   gnomemeeting_threads_leave ();
+@@ -854,7 +854,7 @@
+   /* Display the action message */
+   gnomemeeting_threads_enter ();
+   if (short_reason) 
+-    gm_main_window_flash_message (main_window, short_reason);
++    gm_main_window_flash_message (main_window, "%s", short_reason);
+   if (long_reason)
+     gm_history_window_insert (history_window, long_reason);
+   gnomemeeting_threads_leave ();
+@@ -1001,7 +1001,7 @@
+ 			      utf8_name, utf8_app);
+   msg = g_strdup_printf (_("Connected with %s"), utf8_name);
+   gm_main_window_set_status (main_window, msg);
+-  gm_main_window_flash_message (main_window, msg);
++  gm_main_window_flash_message (main_window, "%s", msg);
+   gm_chat_window_push_info_message (chat_window, NULL, msg);
+   gm_main_window_update_calling_state (main_window, GMManager::Connected);
+   gm_chat_window_update_calling_state (chat_window, 
+@@ -1276,7 +1276,7 @@
+   gm_main_window_push_message (main_window, 
+ 			       GetMissedCallsNumber (), 
+ 			       GetMWI ());
+-  gm_main_window_flash_message (main_window, msg_reason);
++  gm_main_window_flash_message (main_window, "%s", msg_reason);
+   gm_chat_window_push_info_message (chat_window, NULL, "");
+   gnomemeeting_threads_leave ();
+ 
+diff -urNad ekiga-2.0.3~/src/endpoints/sip.cpp ekiga-2.0.3/src/endpoints/sip.cpp
+--- ekiga-2.0.3~/src/endpoints/sip.cpp	2006-06-15 14:08:42.000000000 -0700
++++ ekiga-2.0.3/src/endpoints/sip.cpp	2007-02-21 16:51:29.121815007 -0800
+@@ -227,7 +227,7 @@
+ #endif
+ 
+   gm_history_window_insert (history_window, msg);
+-  gm_main_window_flash_message (main_window, msg);
++  gm_main_window_flash_message (main_window, "%s", msg);
+   if (endpoint.GetCallingState() == GMManager::Standby)
+     gm_main_window_set_account_info (main_window, 
+ 				     endpoint.GetRegisteredAccounts());
+diff -urNad ekiga-2.0.3~/src/endpoints/urlhandler.cpp ekiga-2.0.3/src/endpoints/urlhandler.cpp
+--- ekiga-2.0.3~/src/endpoints/urlhandler.cpp	2006-05-17 13:32:32.000000000 -0700
++++ ekiga-2.0.3/src/endpoints/urlhandler.cpp	2007-02-21 16:53:04.154699510 -0800
+@@ -527,7 +527,7 @@
+ 
+       if (call_address.Find ("+type=directory") != P_MAX_INDEX) {
+ 
+-	gm_main_window_flash_message (main_window, _("User not found"));
++	gm_main_window_flash_message (main_window, "%s", _("User not found"));
+ 	gm_calls_history_add_call (PLACED_CALL,
+ 				   NULL,
+ 				   call_address, 
+@@ -538,7 +538,7 @@
+       }
+       else {
+ 	
+-	gm_main_window_flash_message (main_window, _("Failed to call user"));
++	gm_main_window_flash_message (main_window, "%s", _("Failed to call user"));
+ 	gm_calls_history_add_call (PLACED_CALL,
+ 				   NULL,
+ 				   call_address,