diff -u lighttpd-1.4.13~r1370/debian/control lighttpd-1.4.13~r1370/debian/control
--- lighttpd-1.4.13~r1370/debian/control
+++ lighttpd-1.4.13~r1370/debian/control
@@ -1,7 +1,8 @@
 Source: lighttpd
 Section: web
 Priority: optional
-Maintainer: Debian lighttpd maintainers
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Debian lighttpd maintainers
 Uploaders: Krzysztof Krzyzaniak (eloy) , Torsten Marek
 Build-Depends: debhelper (>= 5.0.0), cdbs, mime-support, libssl-dev, zlib1g-dev, libbz2-dev, libattr1-dev, libpcre3-dev, libmysqlclient15-dev, libldap2-dev, libfcgi-dev, libgdbm-dev, libmemcache-dev, liblua5.1-0-dev, dpatch, patchutils, pkg-config
 Standards-Version: 3.7.2.1
diff -u lighttpd-1.4.13~r1370/debian/changelog lighttpd-1.4.13~r1370/debian/changelog
--- lighttpd-1.4.13~r1370/debian/changelog
+++ lighttpd-1.4.13~r1370/debian/changelog
@@ -1,3 +1,14 @@
+lighttpd (1.4.13~r1370-1ubuntu1.1) edgy-security; urgency=low
+
+ * Added security fixes from 1.4.14 (Closes LP: #107628)
+ - Remote DOS in CRLF parsing (CVE-2007-1869)
+ debian/patches/04_security_crlf_parsing_dos.dpatch
+ - DOS with files with mtime 0 (CVE-2007-1870)
+ debian/patches/05_security_zero_mtime_crash.dpatch
+ * Change maintainer to MOTU
+
+ -- Scott Kitterman Mon, 23 Apr 2007 17:03:01 -0400
+
 lighttpd (1.4.13~r1370-1ubuntu1) edgy; urgency=low
 
 * Merge from Debian unstable (Closes: Malone #64900). Remaining changes:
only in patch2:
unchanged:
--- lighttpd-1.4.13~r1370.orig/debian/patches/05_security_zero_mtime_crash.dpatch
+++ lighttpd-1.4.13~r1370/debian/patches/05_security_zero_mtime_crash.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 05_security_zero_mtime_crash.dpatch by Lukas Fittl
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Upstream patch for CVE-2007-1870 - DOS with files with mtime 0.
+## DP: Taken from 1.4.14 release.
+
+@DPATCH@
+diff -urNad lighttpd-1.4.13~/src/server.c lighttpd-1.4.13/src/server.c
+--- lighttpd-1.4.13~/src/server.c 2006-10-04 15:30:52.000000000 +0200
++++ lighttpd-1.4.13/src/server.c 2007-04-14 05:04:53.000000000 +0200
+@@ -163,6 +163,7 @@
+ #undef CLEAN
+ 
+ for (i = 0; i < FILE_CACHE_MAX; i++) {
++ srv->mtime_cache[i].mtime = (time_t)-1;
+ srv->mtime_cache[i].str = buffer_init();
+ }
+ 
only in patch2:
unchanged:
--- lighttpd-1.4.13~r1370.orig/debian/patches/04_security_crlf_parsing_dos.dpatch
+++ lighttpd-1.4.13~r1370/debian/patches/04_security_crlf_parsing_dos.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04_security_crlf_parsing_dos.dpatch by Lukas Fittl
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Upstream patch for CVE-2007-1869 - Remote DOS in CRLF parsing.
+## DP: Taken from 1.4.14 release.
+
+@DPATCH@
+diff -urNad lighttpd-1.4.13~/src/connections.c lighttpd-1.4.13/src/connections.c
+--- lighttpd-1.4.13~/src/connections.c 2006-10-07 19:44:43.000000000 +0200
++++ lighttpd-1.4.13/src/connections.c 2007-04-14 05:03:23.000000000 +0200
+@@ -970,7 +970,7 @@
+ }
+ } else {
+ /* a splited \r \n */
+- return -1;
++ break;
+ }
+ }
+ }
only in patch2:
unchanged:
--- lighttpd-1.4.13~r1370.orig/debian/patches/00list
+++ lighttpd-1.4.13~r1370/debian/patches/00list
@@ -0,0 +1,2 @@
+04_security_crlf_parsing_dos.dpatch
+05_security_zero_mtime_crash.dpatch
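Review bot: The `(time_t)-1` written into `srv->mtime_cache[i].mtime` is still an in-band sentinel: if the cache lookup in server.c (outside this hunk) compares the mtime field alone, a file whose modification time is exactly -1 would match a slot whose `str` is still the buffer returned by `buffer_init()` and has never been filled, which is presumably the same condition the patch closes for mtime 0. A more robust lookup would also require a populated `str` before returning a cached string, or the dpatch header should record that the sentinel relies on real files never carrying that timestamp. The `## DP:` lines name the CVE but not the mechanism; a third line such as `## DP: Slots start at (time_t)-1 so a file with mtime 0 cannot match an entry whose str is still the empty buffer from buffer_init().` would tell the next maintainer why that constant was chosen. The enclosing initialisation loop's function starts and ends outside the hunk.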
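Review bot: Replacing `return -1;` with `break;` in the `/* a splited \r \n */` branch of connections.c turns a hard rejection of the request into leaving the innermost loop, and the dpatch header describes the change only as "Remote DOS in CRLF parsing" without saying what now happens instead. The `## DP:` description should state the new behaviour, e.g. `## DP: A \r that ends one read buffer with its \n in the next no longer aborts parsing with -1; the loop is left so parsing presumably resumes once more data has been read.` — what runs after the loop is outside the hunk, so that last clause needs confirming against the full function. Because `break` only exits the innermost loop, a reviewer applying this to the Ubuntu source should check that the outer loops seen in the trailing `}` lines do not keep spinning on the same partial buffer. The enclosing function begins and ends outside the hunk.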
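Review bot: debian/patches/00list is created from scratch (`@@ -0,0 +1,2 @@`) and lists only `04_security_crlf_parsing_dos.dpatch` and `05_security_zero_mtime_crash.dpatch`, while the numbering suggests earlier dpatches; if files 00–03 exist in debian/patches they will not be applied by dpatch after this change, since 00list is the series file. Please confirm either that no other patch files are present or that their omission is deliberate, and record the outcome in the changelog entry next to the two new patches.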