diff -u mono-1.2.4/debian/patches/00list mono-1.2.4/debian/patches/00list
--- mono-1.2.4/debian/patches/00list
+++ mono-1.2.4/debian/patches/00list
@@ -11,0 +12 @@
+CVE-2007-5197
diff -u mono-1.2.4/debian/changelog mono-1.2.4/debian/changelog
--- mono-1.2.4/debian/changelog
+++ mono-1.2.4/debian/changelog
@@ -1,3 +1,18 @@
+mono (1.2.4-6ubuntu6.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE: (LP: #162826)
+ + CVE-2007-5197:
+ Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and
+ earlier allows context-dependent attackers to execute arbitrary code via
+ unspecified vectors related to Reduce in Montgomery-based Pow methods.
+ * debian/patches/CVE-2007-5197.dpatch:
+ Applied security fix from debian
+ Took it from the etch upload (see DSA http://www.debian.org/security/2007/dsa-1397 )
+ * References:
+ CVE-2007-5197
+
+ -- Stephan Hermann Wed, 21 Nov 2007 13:00:24 +0100
+
 mono (1.2.4-6ubuntu6) gutsy; urgency=low
 
 * Explicitely remove the doc directories on upgrade for the now symlinked
only in patch2:
unchanged:
--- mono-1.2.4.orig/debian/patches/CVE-2007-5197.dpatch
+++ mono-1.2.4/debian/patches/CVE-2007-5197.dpatch
@@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2007-5197.dpatch by Stephan Hermann
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad mono-1.2.4~/mcs/class/Mono.Security/Mono.Math/BigInteger.cs mono-1.2.4/mcs/class/Mono.Security/Mono.Math/BigInteger.cs
+--- mono-1.2.4~/mcs/class/Mono.Security/Mono.Math/BigInteger.cs 2007-04-25 20:50:15.000000000 +0200
++++ mono-1.2.4/mcs/class/Mono.Security/Mono.Math/BigInteger.cs 2007-11-21 12:58:09.455653600 +0100
+@@ -1574,7 +1574,7 @@
+ uint j = 1;
+ 
+ // Multiply and add
+- for (; j < m.length; j++) {
++ for (; j < m.length && j < A.length; j++) {
+ c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ *(aDP++) = (uint)c;
+ c >>= 32;
+diff -urNad mono-1.2.4~/mcs/class/corlib/Mono.Math/BigInteger.cs mono-1.2.4/mcs/class/corlib/Mono.Math/BigInteger.cs
+--- mono-1.2.4~/mcs/class/corlib/Mono.Math/BigInteger.cs 2007-04-25 20:49:45.000000000 +0200
++++ mono-1.2.4/mcs/class/corlib/Mono.Math/BigInteger.cs 2007-11-21 12:58:39.957391703 +0100
+@@ -1574,7 +1574,7 @@
+ uint j = 1;
+ 
+ // Multiply and add
+- for (; j < m.length; j++) {
++ for (; j < m.length && j < A.length; j++) {
+ c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ *(aDP++) = (uint)c;
+ c >>= 32;
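Review bot: When A is shorter than m, the new `j < A.length` bound in the multiply-and-add loop (both `BigInteger.cs` hunks) ends the reduction early without any error, so the caller silently gets a result from a truncated loop instead of the undersized operand being rejected. The enclosing method starts and ends outside the hunk, so it is not visible whether `A.length` is the allocated size of A's buffer or only its used length, nor whether code after the loop keeps writing through `aDP`; if A is not guaranteed to hold at least `m.length` words here, establishing that (or throwing) before the pointer loop would be safer than clamping inside it. A comment on the loop such as `// A may be shorter than m; never advance aSP/aDP past A.length (CVE-2007-5197)` would keep the bound from being dropped in a later cleanup, and the dpatch header's `## DP: No description.` should name the CVE and the bounded loop. Because the identical change lands in the Mono.Security and corlib copies, a regression test for the Montgomery-based Pow path should cover both assemblies.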