diff -Nru exim4-4.71/debian/changelog exim4-4.71/debian/changelog
--- exim4-4.71/debian/changelog 2011-02-08 18:47:16.000000000 +0100
+++ exim4-4.71/debian/changelog 2011-05-08 15:34:49.000000000 +0200
@@ -1,3 +1,11 @@
+exim4 (4.71-3ubuntu1.2) lucid-security; urgency=low
+
+ * SECURITY UPDATE: format string vulnerability (LP: #779391)
+ - debian/patches/85_CVE-2011-1764.patch: patch from upstream
+ - CVE-2011-1764
+
+ -- Felix Geyer Sun, 08 May 2011 15:31:05 +0200
+
 exim4 (4.71-3ubuntu1.1) lucid-security; urgency=low

 * SECURITY UPDATE: local privilege escalation via alternate config file
diff -Nru exim4-4.71/debian/patches/85_CVE-2011-1764.patch exim4-4.71/debian/patches/85_CVE-2011-1764.patch
--- exim4-4.71/debian/patches/85_CVE-2011-1764.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.71/debian/patches/85_CVE-2011-1764.patch 2011-05-08 15:21:08.000000000 +0200
@@ -0,0 +1,35 @@
+From 337e3505b0e6cd4309db6bf6062b33fa56e06cf8 Mon Sep 17 00:00:00 2001
+From: Tom Kistner
+Date: Sat, 30 Apr 2011 13:20:17 +0100
+Subject: [PATCH 2/2] Bugzilla #1106: Don't pass DKIM compound log line as format string
+Bug-Debian: http://bugs.debian.org/624670
+
+---
+ src/dkim.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/dkim.c b/src/dkim.c
+index e25ff8c..2318cc3 100644
+--- a/src/dkim.c
++++ b/src/dkim.c
+@@ -108,7 +108,7 @@ void dkim_exim_verify_finish(void) {
+ /* Log a line for each signature */
+ uschar *logmsg = string_append(NULL, &size, &ptr, 5,
+
+- string_sprintf( "DKIM: d=%s s=%s c=%s/%s a=%s ",
++ string_sprintf( "d=%s s=%s c=%s/%s a=%s ",
+ sig->domain,
+ sig->selector,
+ (sig->canon_headers == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
+@@ -176,7 +176,7 @@ void dkim_exim_verify_finish(void) {
+ }
+
+ logmsg[ptr] = '\0';
+- log_write(0, LOG_MAIN, (char *)logmsg);
++ log_write(0, LOG_MAIN, "DKIM: %s", logmsg);
+
+ /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */
+ dkim_signers = string_append(dkim_signers,
+--
+1.7.2.5
+
diff -Nru exim4-4.71/debian/patches/series exim4-4.71/debian/patches/series
--- exim4-4.71/debian/patches/series 2011-02-08 18:41:36.000000000 +0100
+++ exim4-4.71/debian/patches/series 2011-05-08 15:30:42.000000000 +0200
@@ -17,3 +17,4 @@
 82_CVE-2011-0017.patch
 83_CVE-2010-2023.patch
 84_CVE-2010-2024.patch
+85_CVE-2011-1764.patch
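Review bot: The new call `log_write(0, LOG_MAIN, "DKIM: %s", logmsg);` in the second dkim.c hunk of 85_CVE-2011-1764.patch repairs this one call site, but nothing in the patch guards against the same mistake elsewhere or shows that other callers were checked. `logmsg` is assembled from signature fields such as `sig->domain` and `sig->selector`, which presumably originate in the message's DKIM-Signature header, so any other `log_write()` call whose format argument is not a string literal needs the same treatment. Building with `-Wformat -Wformat-security` would flag such calls, provided the `log_write` prototype carries a printf-style format attribute, which is not visible here. The Subject line reads `[PATCH 2/2]`, so it is worth confirming that patch 1/2 of the upstream series is not also required for CVE-2011-1764. Both dkim.c hunks show only part of `dkim_exim_verify_finish`, so the rest of the log-line assembly, and whether control characters in those fields are escaped before logging, cannot be judged from here.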