diff -Nru mapserver-6.2.1/debian/changelog mapserver-6.2.1/debian/changelog
--- mapserver-6.2.1/debian/changelog	2013-07-23 16:46:00.000000000 +0200
+++ mapserver-6.2.1/debian/changelog	2014-01-12 21:36:01.000000000 +0100
@@ -1,3 +1,10 @@
+mapserver (6.2.1-3ubuntu1) precise; urgency=low
+
+  * Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the
+    msPostGISLayerSetTimeFilter function in mappostgis.c.
+
+ -- Johan Van de Wauw <johan.vandewauw@gmail.com>  Sun, 12 Jan 2014 21:35:48 +0100
+
 mapserver (6.2.1-3) unstable; urgency=low
 
   [ Bas Couwenberg ]
diff -Nru mapserver-6.2.1/debian/patches/CVE-2013-7262.patch mapserver-6.2.1/debian/patches/CVE-2013-7262.patch
--- mapserver-6.2.1/debian/patches/CVE-2013-7262.patch	1970-01-01 01:00:00.000000000 +0100
+++ mapserver-6.2.1/debian/patches/CVE-2013-7262.patch	2014-01-12 21:43:58.000000000 +0100
@@ -0,0 +1,25 @@
+Description: Fix potential SQL Injection with postgis TIME filters.
+commit 3a10f6b829297dae63492a8c63385044bc6953ed
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date:   Tue Dec 31 13:54:40 2013 +0100
+Bug: https://github.com/mapserver/mapserver/issues/4834
+Origin: https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed
+
+    Fix potential SQL Injection with postgis TIME filters (#4834)
+
+diff --git a/mappostgis.c b/mappostgis.c
+index 1f4c64e..f24d969 100644
+--- a/mappostgis.c
++++ b/mappostgis.c
+@@ -3212,6 +3212,11 @@ int msPostGISLayerSetTimeFilter(layerObj *lp, const char *timestring, const char
+   if (!lp || !timestring || !timefield)
+     return MS_FALSE;
+ 
++  if( strchr(timestring,'\'') || strchr(timestring, '\\') ) {
++     msSetError(MS_MISCERR, "Invalid time filter.", "msPostGISLayerSetTimeFilter()");
++     return MS_FALSE;
++  }
++
+   /* discrete time */
+   if (strstr(timestring, ",") == NULL &&
+       strstr(timestring, "/") == NULL) { /* discrete time */
diff -Nru mapserver-6.2.1/debian/patches/series mapserver-6.2.1/debian/patches/series
--- mapserver-6.2.1/debian/patches/series	2013-07-23 16:46:00.000000000 +0200
+++ mapserver-6.2.1/debian/patches/series	2014-01-12 21:44:12.000000000 +0100
@@ -3,3 +3,4 @@
 mapows-contenttype.patch
 hardening.patch
 shp2img-typo.patch
+CVE-2013-7262.patch