diff -u kadu-0.6.0.2/debian/changelog kadu-0.6.0.2/debian/changelog
--- kadu-0.6.0.2/debian/changelog
+++ kadu-0.6.0.2/debian/changelog
@@ -1,3 +1,11 @@
+kadu (0.6.0.2-2ubuntu0.1) intrepid-security; urgency=low
+
+  * SECURITY UPDATE: remote DoS via a contact description with a large length
+    - debian/patch: Added 07_fix_CVE-2008-4776_events.c to fix events.c
+    - CVE-2008-4776
+
+ -- Fabrice Coutadeur <coutadeurf@gmail.com>  Fri, 14 Nov 2008 05:44:13 +0000
+
 kadu (0.6.0.2-2) unstable; urgency=low
 
   [ Patryk Cisek ]
diff -u kadu-0.6.0.2/debian/control kadu-0.6.0.2/debian/control
--- kadu-0.6.0.2/debian/control
+++ kadu-0.6.0.2/debian/control
@@ -1,7 +1,8 @@
 Source: kadu
 Section: net
 Priority: optional
-Maintainer: Patryk Cisek <patryk@prezu.one.pl>
+Maintainer: MOTU Developers <ubuntu-motu@lists.ubuntu.com>
+XSBC-Original-Maintainer: Patryk Cisek <patryk@prezu.one.pl>
 Build-Depends: cdbs (>= 0.4.23-1.1), autotools-dev, debhelper (>= 5), patchutils (>= 0.2.25), sharutils, bzip2, libqt3-mt-dev, libao-dev, libsndfile1-dev (>= 1.0), kdelibs4-dev, libcurl3-gnutls-dev, libaudio-dev, libgtk1.2-dev, libxosd-dev, audacious-dev, libxtst-dev
 Standards-Version: 3.8.0
 Homepage: http://kadu.net
only in patch2:
unchanged:
--- kadu-0.6.0.2.orig/debian/patches/07_fix_CVE-2008-4776_events.c.patch
+++ kadu-0.6.0.2/debian/patches/07_fix_CVE-2008-4776_events.c.patch
@@ -0,0 +1,20 @@
+--- libgadu/src/events.c.old	2008-04-23 11:04:50.000000000 +0200
++++ libgadu/src/events.c	2008-11-28 06:28:13.000000000 +0100
+@@ -621,7 +621,7 @@
+ 				if (GG_S_D(n->status)) {
+ 					unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply77));
+ 
+-					if (descr_len < length) {
++					if (sizeof(struct gg_notify_reply77) + descr_len <= length) {
+ 						if (!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
+ 							gg_debug_session(sess, GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify data\n");
+ 							goto fail;
+@@ -744,7 +744,7 @@
+ 				if (GG_S_D(n->status)) {
+ 					unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply60));
+ 
+-					if (descr_len < length) {
++					if (sizeof(struct gg_notify_reply77) + descr_len <= length) {
+ 						if (!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
+ 							gg_debug_session(sess, GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify data\n");
+ 							goto fail;