diff -u libgadu-1.8.0+r592/debian/control libgadu-1.8.0+r592/debian/control
--- libgadu-1.8.0+r592/debian/control
+++ libgadu-1.8.0+r592/debian/control
@@ -1,8 +1,9 @@
 Source: libgadu
 Section: libs
 Priority: optional
-Maintainer: Marcin Owsiany
-Build-Depends: debhelper (>= 4.1.1), doxygen
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Marcin Owsiany
+Build-Depends: debhelper (>= 4.1.1), doxygen, quilt
 Standards-Version: 3.7.3
 Package: libgadu3
diff -u libgadu-1.8.0+r592/debian/rules libgadu-1.8.0+r592/debian/rules
--- libgadu-1.8.0+r592/debian/rules
+++ libgadu-1.8.0+r592/debian/rules
@@ -6,6 +6,8 @@
 #export DH_VERBOSE=1
+include /usr/share/quilt/quilt.make
+
 # Help cross-compiling
 DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
@@ -41,14 +43,14 @@
 # Remember to update README.Debian as well...
-build: build-stamp
+build: patch build-stamp
 build-stamp: config.status
 dh_testdir
 $(MAKE)
 $(MAKE) -C docs
 touch build-stamp
-clean:
+clean: unpatch
 dh_testdir
 dh_testroot
 rm -f build-stamp checkperms-stamp
diff -u libgadu-1.8.0+r592/debian/changelog libgadu-1.8.0+r592/debian/changelog
--- libgadu-1.8.0+r592/debian/changelog
+++ libgadu-1.8.0+r592/debian/changelog
@@ -1,3 +1,14 @@
+libgadu (1:1.8.0+r592-1ubuntu0.1) intrepid-security; urgency=low
+
+ * SECURITY UPDATE: remote DoS (LP: #297933)
+ - Changed in src/events.c by patch fix_CVE-2008-4776.patch
+ - CVE-2008-4776
+ * Added quilt as patch system
+ - debian/control: added quilt dependency
+ - debian/rules: added call to quilt
+
+ -- Fabrice Coutadeur Tue, 18 Nov 2008 05:04:49 +0100
+
 libgadu (1:1.8.0+r592-1) unstable; urgency=low
 * First release of libgadu as a separate source package. Most of the
only in patch2:
unchanged:
--- libgadu-1.8.0+r592.orig/debian/patches/fix_CVE-2008-4776.patch
+++ libgadu-1.8.0+r592/debian/patches/fix_CVE-2008-4776.patch
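Review bot: `build: patch build-stamp` in the second debian/rules hunk lists `patch` and `build-stamp` as sibling prerequisites, so nothing orders the quilt series before the compile. Under `make -j` the two can be scheduled together, and the library could be built from unpatched or half-patched sources, i.e. without the CVE-2008-4776 fix. Tie the ordering to the stamp file that quilt.make defines, e.g. `build-stamp: $(QUILT_STAMPFN) config.status`. The `config.status` rule lies outside the hunk; if configure reads patched files it needs the same prerequisite.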
@@ -0,0 +1,22 @@
+Index: libgadu-1.8.0+r592/src/events.c
+===================================================================
+--- libgadu-1.8.0+r592.orig/src/events.c 2008-11-18 05:20:39.000000000 +0100
++++ libgadu-1.8.0+r592/src/events.c 2008-11-18 05:21:29.000000000 +0100
+@@ -616,7 +616,7 @@
+ if (GG_S_D(n->status)) {
+ unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply77));
+
+- if (descr_len < length) {
++ if (sizeof(struct gg_notify_reply77) + descr_len <= length) {
+ if (!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
+ gg_debug_session(sess, GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify data\n");
+ goto fail;
+@@ -739,7 +739,7 @@
+ if (GG_S_D(n->status)) {
+ unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply60));
+
+- if (descr_len < length) {
++ if (sizeof(struct gg_notify_reply60) + descr_len <= length) {
+ if (!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
+ gg_debug_session(sess, GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify data\n");
+ goto fail;
only in patch2:
unchanged:
--- libgadu-1.8.0+r592.orig/debian/patches/series
+++ libgadu-1.8.0+r592/debian/patches/series
@@ -0,0 +1 @@
+fix_CVE-2008-4776.patch
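Review bot: The new bound in both inner hunks (`@@ -616,7` for gg_notify_reply77 and `@@ -739,7` for gg_notify_reply60) looks one byte short. descr_len is read from offset sizeof(struct), so the description presumably starts one byte later and the record only fits when `sizeof(struct gg_notify_reply77) + 1 + descr_len <= length`; as written, a packet with length equal to sizeof(struct) + descr_len still passes. The read of descr_len also happens before this check, so it relies on an earlier test that length exceeds sizeof(struct); that test is not visible here and is worth confirming or adding. The copy and the pointer/length advance are outside the hunk, so this is inferred from the offset arithmetic shown.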