diff -u libapache2-mod-fcgid-2.3.6/debian/control libapache2-mod-fcgid-2.3.6/debian/control
--- libapache2-mod-fcgid-2.3.6/debian/control
+++ libapache2-mod-fcgid-2.3.6/debian/control
@@ -1,7 +1,8 @@
 Source: libapache2-mod-fcgid
 Section: httpd
 Priority: optional
-Maintainer: Tatsuki Sugiura
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Tatsuki Sugiura
 Build-Depends: debhelper (>= 5.0.0), apache2-threaded-dev (>= 2.2.3-2), libtool, cdbs, libapr1-dev, pkg-config, dpatch
 Standards-Version: 3.9.1
 Uploaders: Taku YASUI
diff -u libapache2-mod-fcgid-2.3.6/debian/changelog libapache2-mod-fcgid-2.3.6/debian/changelog
--- libapache2-mod-fcgid-2.3.6/debian/changelog
+++ libapache2-mod-fcgid-2.3.6/debian/changelog
@@ -1,3 +1,10 @@
+libapache2-mod-fcgid (1:2.3.6-1.1ubuntu0.1) precise-security; urgency=low
+
+ * Fix CVE-2013-4365: heap buffer overwrite. (LP: #1238242)
+ - Add debian/patches/20_CVE-2013-4365.dpatch, patch from upstream.
+
+ -- Felix Geyer Fri, 11 Oct 2013 19:39:49 +0200
+
 libapache2-mod-fcgid (1:2.3.6-1.1) unstable; urgency=low
 
 * Non-maintainer upload.
diff -u libapache2-mod-fcgid-2.3.6/debian/patches/00list libapache2-mod-fcgid-2.3.6/debian/patches/00list
--- libapache2-mod-fcgid-2.3.6/debian/patches/00list
+++ libapache2-mod-fcgid-2.3.6/debian/patches/00list
@@ -2,0 +3 @@
+30_CVE-2013-4365.dpatch
only in patch2:
unchanged:
--- libapache2-mod-fcgid-2.3.6.orig/debian/patches/30_CVE-2013-4365.dpatch
+++ libapache2-mod-fcgid-2.3.6/debian/patches/30_CVE-2013-4365.dpatch
@@ -0,0 +1,35 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## DP: Fix CVE-2013-4365: heap buffer overwrite
+## DP: Origin: https://svn.apache.org/viewvc?view=revision&revision=r1527362
+
+@DPATCH@
+
+--- a/modules/fcgid/fcgid_bucket.c
++++ b/modules/fcgid/fcgid_bucket.c
+@@ -112,10 +112,12 @@
+ if (header.type == FCGI_STDERR) {
+ char *logbuf = apr_bucket_alloc(APR_BUCKET_BUFF_SIZE, b->list);
+ char *line;
++ apr_size_t hasput;
+
+ memset(logbuf, 0, APR_BUCKET_BUFF_SIZE);
+
+ hasread = 0;
++ hasput = 0;
+ while (hasread < bodysize) {
+ char *buffer;
+ apr_size_t bufferlen, canput, willput;
+@@ -130,9 +132,10 @@
+
+ canput = fcgid_min(bufferlen, bodysize - hasread);
+ willput =
+- fcgid_min(canput, APR_BUCKET_BUFF_SIZE - hasread - 1);
+- memcpy(logbuf + hasread, buffer, willput);
++ fcgid_min(canput, APR_BUCKET_BUFF_SIZE - hasput - 1);
++ memcpy(logbuf + hasput, buffer, willput);
+ hasread += canput;
++ hasput += willput;
+
+ /* Ignore the "canput" bytes */
+ fcgid_ignore_bytes(ctx, canput);
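Review bot: The embedded fcgid_bucket.c change leaves the two counters undocumented, and once `hasput` reaches `APR_BUCKET_BUFF_SIZE - 1` the rest of the FCGI_STDERR record is dropped with no trace in the log. A comment above the `while` such as `/* hasread: bytes consumed from the record (<= bodysize); hasput: bytes stored in logbuf, capped at APR_BUCKET_BUFF_SIZE - 1 so the zero-filled buffer stays NUL-terminated */` would stop a later cleanup from merging them back into one index, which is presumably how the unsigned `APR_BUCKET_BUFF_SIZE - hasread - 1` came to wrap for large bodies. If truncated stderr matters for diagnosis, consider logging a marker when `willput < canput`. Separately, debian/changelog names `20_CVE-2013-4365.dpatch` while 00list and the added file use `30_CVE-2013-4365.dpatch`; the changelog entry should match. The enclosing function starts and ends outside both inner hunks, so cleanup of `logbuf` on the error paths cannot be checked from here.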