diff -u libcdio-0.76/debian/changelog libcdio-0.76/debian/changelog
--- libcdio-0.76/debian/changelog
+++ libcdio-0.76/debian/changelog
@@ -1,3 +1,16 @@
+libcdio (0.76-1ubuntu2.1) gutsy-security; urgency=low
+
+  * SECURITY UPDATE:
+    - CVE-2007-6613: a stack-based buffer overflow in the
+      print_iso9660_recurse function could lead to cause a denial of service
+      or arbitrary code execution if the iso-info tool is used with a crafted
+      iso image (LP: #191216)
+
+  * References
+    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459129
+
+ -- Emanuele Gentili <emgent@emanuele-gentili.com>  Tue, 19 Feb 2008 21:02:43 +0100
+
 libcdio (0.76-1ubuntu2) feisty; urgency=low
 
   * debian/control: Update maintainer fields according to debian-
only in patch2:
unchanged:
--- libcdio-0.76.orig/src/cd-info.c
+++ libcdio-0.76/src/cd-info.c
@@ -510,7 +510,7 @@
       iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
       char *psz_iso_name = p_statbuf->filename;
       char _fullname[4096] = { 0, };
-      char translated_name[MAX_ISONAME+1];
+         char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
 
       if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
 	iso9660_name_translate_ext(psz_iso_name, translated_name, 
only in patch2:
unchanged:
--- libcdio-0.76.orig/src/iso-info.c
+++ libcdio-0.76/src/iso-info.c
@@ -199,7 +199,7 @@
       iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
       char *psz_iso_name = p_statbuf->filename;
       char _fullname[4096] = { 0, };
-      char translated_name[MAX_ISONAME+1];
+         char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
 
       if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
 	iso9660_name_translate_ext(psz_iso_name, translated_name,