diff -u libgadu-1.8.0+r592/debian/control libgadu-1.8.0+r592/debian/control
--- libgadu-1.8.0+r592/debian/control
+++ libgadu-1.8.0+r592/debian/control
@@ -1,7 +1,8 @@
 Source: libgadu
 Section: libs
 Priority: optional
-Maintainer: Marcin Owsiany
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Marcin Owsiany
 Build-Depends: debhelper (>= 4.1.1), doxygen
 Standards-Version: 3.7.3
diff -u libgadu-1.8.0+r592/debian/changelog libgadu-1.8.0+r592/debian/changelog
--- libgadu-1.8.0+r592/debian/changelog
+++ libgadu-1.8.0+r592/debian/changelog
@@ -1,3 +1,11 @@
+libgadu (1:1.8.0+r592-1ubuntu0.1) intrepid-security; urgency=low
+
+ * SECURITY UPDATE: remote DoS (LP: #297933)
+ - Changes in src/events.c to check correct length of reply
+ - CVE-2008-4776
+
+ -- Fabrice Coutadeur Tue, 18 Nov 2008 05:04:49 +0100
+
 libgadu (1:1.8.0+r592-1) unstable; urgency=low
 * First release of libgadu as a separate source package. Most of the
only in patch2:
unchanged:
--- libgadu-1.8.0+r592.orig/src/events.c
+++ libgadu-1.8.0+r592/src/events.c
@@ -616,7 +616,7 @@
 if (GG_S_D(n->status)) {
 unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply77));
- if (descr_len < length) {
+ if (sizeof(struct gg_notify_reply77) + descr_len <= length) {
 if (!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
 gg_debug_session(sess, GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify data\n");
 goto fail;
@@ -739,7 +739,7 @@
 if (GG_S_D(n->status)) {
 unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply60));
- if (descr_len < length) {
+ if (sizeof(struct gg_notify_reply60) + descr_len <= length) {
 if (!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
 gg_debug_session(sess, GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify data\n");
 goto fail;
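Review bot: The new bound `if (sizeof(struct gg_notify_reply77) + descr_len <= length)` in the -616 hunk does not count the length byte itself, which the line above reads from offset `sizeof(struct gg_notify_reply77)`, one byte past the fixed-size struct. If the description is copied starting at the byte after that length byte (the copy is outside the hunk, so this is inferred), a packet whose `length` equals exactly `sizeof(struct) + descr_len` would still be read one byte past its end; `if (sizeof(struct gg_notify_reply77) + 1 + descr_len <= length)` would cover it. `descr_len` is also dereferenced before any comparison visible here, so the enclosing code needs to guarantee `length > sizeof(struct gg_notify_reply77)` before that read. The same two points apply to the `gg_notify_reply60` hunk at -739; both enclosing blocks start and end outside the hunks.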