diff -Nru libtorrent-rasterbar-0.16.13/debian/changelog libtorrent-rasterbar-0.16.13/debian/changelog
--- libtorrent-rasterbar-0.16.13/debian/changelog 2014-03-31 14:35:11.000000000 -0400
+++ libtorrent-rasterbar-0.16.13/debian/changelog 2014-06-23 22:49:55.000000000 -0400
@@ -1,3 +1,11 @@
+libtorrent-rasterbar (0.16.13-1ubuntu2.1) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: Stop UPnP from falling back on port 0. Routers
+ may forward unmapped ports to the given IP, exposing the machine
+ to the internet (LP: #1330703).
+
+ -- Andrew Starr-Bochicchio Mon, 23 Jun 2014 22:42:45 -0400
+
 libtorrent-rasterbar (0.16.13-1ubuntu2) trusty; urgency=medium
 
 * No change rebuild to drop python3.3 compiled extension.
diff -Nru libtorrent-rasterbar-0.16.13/debian/patches/series libtorrent-rasterbar-0.16.13/debian/patches/series
--- libtorrent-rasterbar-0.16.13/debian/patches/series 2014-02-24 23:12:37.000000000 -0500
+++ libtorrent-rasterbar-0.16.13/debian/patches/series 2014-06-23 22:33:17.000000000 -0400
@@ -1,2 +1,3 @@
 fix-python-dbg-build.patch
 fix-html-docs.patch
+upnp_port_fix.patch
diff -Nru libtorrent-rasterbar-0.16.13/debian/patches/upnp_port_fix.patch libtorrent-rasterbar-0.16.13/debian/patches/upnp_port_fix.patch
--- libtorrent-rasterbar-0.16.13/debian/patches/upnp_port_fix.patch 1969-12-31 19:00:00.000000000 -0500
+++ libtorrent-rasterbar-0.16.13/debian/patches/upnp_port_fix.patch 2014-06-23 22:42:38.000000000 -0400
@@ -0,0 +1,57 @@
+Description: Don't fall back on wildcard port in UPnP
+ Stop UPnP from openning port 0. Routers may forward unmapped ports to
+ the given IP, exposing the machine to the internet.
+Origin: upstream,
+ https://code.google.com/p/libtorrent/source/detail?r=10001,
+ https://code.google.com/p/libtorrent/source/detail?r=10003
+Bug: https://github.com/qbittorrent/qBittorrent/issues/1758
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libtorrent-rasterbar/+bug/1330703
+
+--- libtorrent-rasterbar-0.16.13.orig/src/session_impl.cpp
++++ libtorrent-rasterbar-0.16.13/src/session_impl.cpp
+@@ -2443,7 +2443,8 @@ retry:
+ m_tcp_mapping[0] = m_natpmp->add_mapping(natpmp::tcp, tcp_port, tcp_port);
+ #ifdef TORRENT_USE_OPENSSL
+ if (m_ssl_mapping[0] != -1) m_natpmp->delete_mapping(m_ssl_mapping[0]);
+- m_ssl_mapping[0] = m_natpmp->add_mapping(natpmp::tcp, ssl_port, ssl_port);
++ if (ssl_port > 0) m_ssl_mapping[0] = m_natpmp->add_mapping(natpmp::tcp
++ , ssl_port, ssl_port);
+ #endif
+ }
+ if ((mask & 2) && m_upnp.get())
+@@ -2452,7 +2453,8 @@ retry:
+ m_tcp_mapping[1] = m_upnp->add_mapping(upnp::tcp, tcp_port, tcp_port);
+ #ifdef TORRENT_USE_OPENSSL
+ if (m_ssl_mapping[1] != -1) m_upnp->delete_mapping(m_ssl_mapping[1]);
+- m_ssl_mapping[1] = m_upnp->add_mapping(upnp::tcp, ssl_port, ssl_port);
++ if (ssl_port > 0) m_ssl_mapping[1] = m_upnp->add_mapping(upnp::tcp
++ , ssl_port, ssl_port);
+ #endif
+ }
+ }
+--- libtorrent-rasterbar-0.16.13.orig/src/upnp.cpp
++++ libtorrent-rasterbar-0.16.13/src/upnp.cpp
+@@ -1302,21 +1302,11 @@ void upnp::on_upnp_map_response(error_co
+ update_map(d, mapping, l);
+ return;
+ }
+- else if (s.error_code == 718 || s.error_code == 727)
++ else if (s.error_code == 727)
+ {
+- if (m.external_port != 0)
+- {
+- // conflict in mapping, set port to wildcard
+- // and let the router decide
+- m.external_port = 0;
+- m.action = mapping_t::action_add;
+- ++m.failcount;
+- update_map(d, mapping, l);
+- return;
+- }
+ return_error(mapping, s.error_code, l);
+ }
+- else if (s.error_code == 716 || (s.error_code == 501 && m.failcount < 4 && m.external_port == 0))
++ else if (s.error_code == 718 || (s.error_code == 501 && m.failcount < 4))
+ {
+ // some routers return 501 action failed, instead of 716
+ // The external port cannot be wildcarder
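Review bot: In both session_impl.cpp hunks the old SSL mapping is still deleted unconditionally, but when `ssl_port` is 0 the new guard skips the assignment, so `m_ssl_mapping[0]` and `m_ssl_mapping[1]` keep the index of the mapping that was just deleted. A later pass would hand that stale index to `delete_mapping()` again, which could remove an unrelated mapping if indices are reused (not visible here); adding `else m_ssl_mapping[0] = -1;` (and the same for `[1]`) after each guarded call closes that. The `tcp_port` mappings on the context lines get no matching `> 0` guard, so it is worth confirming that `tcp_port` can never be 0 at this point, since a port-0 mapping is the exposure this patch is closing. In upnp.cpp, error 718 now reaches the retry branch with no `m.failcount` bound while 501 is capped at 4, and the retained comment still describes 716 and wildcards rather than a 718 conflict. That branch's body lies past the end of the hunk, so whether a router that always answers 718 causes unbounded remapping attempts cannot be confirmed from here.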