diff -u faad2-2.0.0+cvs20040908+mp4v2+bmp/debian/changelog faad2-2.0.0+cvs20040908+mp4v2+bmp/debian/changelog
--- faad2-2.0.0+cvs20040908+mp4v2+bmp/debian/changelog
+++ faad2-2.0.0+cvs20040908+mp4v2+bmp/debian/changelog
@@ -1,3 +1,19 @@
+faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.1) feisty-security; urgency=low
+
+ * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
+ (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
+ a denial of service (crash) and possibly execute arbitrary code via a
+ crafted MPEG-4 (MP4) file. (Closes LP: #277110)
+ * 11_CVE-2008-4201.diff
+ - Patch supplied by upstream modified slightly to patch cleanly
+ and address vulnerability.
+ * References
+ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
+ http://www.audiocoding.com/patch/main_overflow.diff
+ CVE-2008-4201
+
+ -- Stefan Lesicnik Fri, 03 Oct 2008 10:55:41 +0200
+
 faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3) dapper; urgency=low
 
 * 01_systems.h.diff:
diff -u faad2-2.0.0+cvs20040908+mp4v2+bmp/debian/control faad2-2.0.0+cvs20040908+mp4v2+bmp/debian/control
--- faad2-2.0.0+cvs20040908+mp4v2+bmp/debian/control
+++ faad2-2.0.0+cvs20040908+mp4v2+bmp/debian/control
@@ -1,7 +1,8 @@
 Source: faad2
 Section: libs
 Priority: optional
-Maintainer: Sebastian Dröge
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Sebastian Dröge
 Build-Depends: debhelper (>= 4.1.0), cdbs, libsndfile1-dev, xmms-dev, beep-media-player-dev, libid3-dev
 Standards-Version: 3.6.2
 
only in patch2:
unchanged:
--- faad2-2.0.0+cvs20040908+mp4v2+bmp.orig/debian/patches/11_CVE-2008-4201.diff
+++ faad2-2.0.0+cvs20040908+mp4v2+bmp/debian/patches/11_CVE-2008-4201.diff
@@ -0,0 +1,11 @@
+--- frontend/main.c 2005-09-07 11:48:32.000000000 +0200
++++ frontend/main.c.patch 2008-10-03 09:32:55.000000000 +0200
+@@ -892,6 +892,8 @@ int decodeMP4file(char *mp4file, char *s
+ sample_count = frameInfo.samples;
+ } else {
+ sample_count = (unsigned int)(dur * frameInfo.channels);
++ if (sample_count > frameInfo.samples)
++ sample_count = frameInfo.samples;
+
+ if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples))
+ {
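Review bot: The added clamp `if (sample_count > frameInfo.samples) sample_count = frameInfo.samples;` is the whole of the CVE-2008-4201 fix but carries no comment, so a later cleanup of decodeMP4file could remove it as a redundant bound. I would put `/* CVE-2008-4201: never emit more samples than the decoder returned in frameInfo.samples */` above it; the changelog's "crafted MP4 file" suggests `dur` is file-controlled, but its assignment is outside this hunk, so that part is inferred. Because the clamp runs after the `(unsigned int)` cast, a negative or wrapped product of `dur * frameInfo.channels` is also bounded, which is worth stating in the same comment. After the clamp, the `sample_count != frameInfo.samples` test on the next `if` can only be true when sample_count is smaller; that looks intended but should be confirmed against the rest of the function, whose body starts and ends outside the hunk.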