diff -u ircii-pana-1.1/debian/changelog ircii-pana-1.1/debian/changelog
--- ircii-pana-1.1/debian/changelog
+++ ircii-pana-1.1/debian/changelog
@@ -1,3 +1,14 @@
+ircii-pana (1:1.1-4ubuntu0.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: remote IRC servers could execute arbitrary commands
+ by sending malicious data containing NICK and EXEC strings.
+ * Add 'debian/patches/remote_exec_fix.patch' to prevent exceeding the
+ bounds of the hash table.
+ * References
+ CVE-2007-3360
+
+ -- Luca Falavigna Tue, 02 Oct 2007 23:18:40 +0200
+
 ircii-pana (1:1.1-4) dapper; urgency=low * debian/control
diff -u ircii-pana-1.1/debian/patches/series ircii-pana-1.1/debian/patches/series
--- ircii-pana-1.1/debian/patches/series
+++ ircii-pana-1.1/debian/patches/series
@@ -3,0 +4 @@
+remote_exec_fix.patch
only in patch2:
unchanged:
--- ircii-pana-1.1.orig/debian/patches/remote_exec_fix.patch
+++ ircii-pana-1.1/debian/patches/remote_exec_fix.patch
@@ -0,0 +1,15 @@
+Index: ircii-pana-1.1/source/hook.c
+===================================================================
+--- ircii-pana-1.1.orig/source/hook.c 2007-10-02 23:18:01.000000000 +0200
++++ ircii-pana-1.1/source/hook.c 2007-10-02 23:18:05.000000000 +0200
+@@ -841,6 +841,10 @@
+ * Figure out where the hooks are for the event type were asserting
+ */
+ /* Numeric list */
++
++ if(which > sizeof(hook_functions) - 1)
++ return NO_ACTION_TAKEN;
++
+ if (which < 0)
+ {
+ NumericList *hook;
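Review bot: The added guard in the hook.c hunk compares `which` against `sizeof(hook_functions) - 1`, which is the array's size in bytes rather than its element count, so unless each element is one byte wide an index past the end of the table still passes the check that this CVE-2007-3360 fix is meant to enforce. The comparison is also made in `size_t`: the following `if (which < 0)` implies `which` is signed, so a negative value converts to a very large unsigned number and the function returns NO_ACTION_TAKEN before the numeric-list branch can run. Bounding by element count in signed arithmetic avoids both, e.g. `if (which >= (int)(sizeof(hook_functions) / sizeof(hook_functions[0])))`. The declaration of `hook_functions` and the rest of the enclosing function are outside the hunk, so the element type and the type of `which` should be confirmed there.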