diff -u ircii-pana-1.1/debian/patches/series ircii-pana-1.1/debian/patches/series
--- ircii-pana-1.1/debian/patches/series
+++ ircii-pana-1.1/debian/patches/series
@@ -3,0 +4 @@
+remote_exec_fix.patch
diff -u ircii-pana-1.1/debian/changelog ircii-pana-1.1/debian/changelog
--- ircii-pana-1.1/debian/changelog
+++ ircii-pana-1.1/debian/changelog
@@ -1,3 +1,11 @@
+ircii-pana (1:1.1-4ubuntu4) gutsy; urgency=low
+
+  * debian/patches/remote_exec_fix.patch:
+    Fixes CVE-2007-3360 (Closes: dbts: #432120)
+    (LP: #129771)
+
+ -- Stephan Hermann <sh@sourcecode.de>  Tue, 02 Oct 2007 11:39:33 +0200
+
 ircii-pana (1:1.1-4ubuntu3) gutsy; urgency=low
 
   * include/irc_std.h - Add (__GNUC__ >= 3) check
only in patch2:
unchanged:
--- ircii-pana-1.1.orig/debian/patches/remote_exec_fix.patch
+++ ircii-pana-1.1/debian/patches/remote_exec_fix.patch
@@ -0,0 +1,15 @@
+Index: ircii-pana-1.1/source/hook.c
+===================================================================
+--- ircii-pana-1.1.orig/source/hook.c	2007-10-02 10:45:26.545140712 +0200
++++ ircii-pana-1.1/source/hook.c	2007-10-02 11:38:11.725514106 +0200
+@@ -841,6 +841,10 @@
+ 	 * Figure out where the hooks are for the event type were asserting
+ 	 */
+ 	/* Numeric list */
++
++	if(which > sizeof(hook_functions) - 1)
++		return NO_ACTION_TAKEN;
++
+ 	if (which < 0)
+ 	{
+ 		NumericList *hook;