diff -u mono-1.2.3.1/debian/changelog mono-1.2.3.1/debian/changelog
--- mono-1.2.3.1/debian/changelog
+++ mono-1.2.3.1/debian/changelog
@@ -1,3 +1,18 @@
+mono (1.2.3.1-1ubuntu1.1) feisty-security; urgency=low
+
+ * SECURITY UPDATE: (LP: #162826)
+ + CVE-2007-5197:
+ Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and
+ earlier allows context-dependent attackers to execute arbitrary code via
+ unspecified vectors related to Reduce in Montgomery-based Pow methods.
+ * debian/patches/CVE-2007-5197.dpatch:
+ Applied security fix from debian
+ Took it from the etch upload (see DSA http://www.debian.org/security/2007/dsa-1397 )
+ * References:
+ CVE-2007-5197
+
+ -- Stephan Hermann Wed, 21 Nov 2007 14:19:45 +0100
+
 mono (1.2.3.1-1ubuntu1) feisty; urgency=low
 
 * Sync with Debian:
diff -u mono-1.2.3.1/debian/patches/00list mono-1.2.3.1/debian/patches/00list
--- mono-1.2.3.1/debian/patches/00list
+++ mono-1.2.3.1/debian/patches/00list
@@ -5,0 +6 @@
+CVE-2007-5197.dpatch
only in patch2:
unchanged:
--- mono-1.2.3.1.orig/debian/patches/CVE-2007-5197.dpatch
+++ mono-1.2.3.1/debian/patches/CVE-2007-5197.dpatch
@@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2007-5197.dpatch by Stephan Hermann
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad mono-1.2.3.1~/mcs/class/Mono.Security/Mono.Math/BigInteger.cs mono-1.2.3.1/mcs/class/Mono.Security/Mono.Math/BigInteger.cs
+--- mono-1.2.3.1~/mcs/class/Mono.Security/Mono.Math/BigInteger.cs 2006-04-14 19:51:24.000000000 +0200
++++ mono-1.2.3.1/mcs/class/Mono.Security/Mono.Math/BigInteger.cs 2007-11-21 14:14:07.715413855 +0100
+@@ -1574,7 +1574,7 @@
+ uint j = 1;
+
+ // Multiply and add
+- for (; j < m.length; j++) {
++ for (; j < m.length && j < A.length; j++) {
+ c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ *(aDP++) = (uint)c;
+ c >>= 32;
+diff -urNad mono-1.2.3.1~/mcs/class/corlib/Mono.Math/BigInteger.cs mono-1.2.3.1/mcs/class/corlib/Mono.Math/BigInteger.cs
+--- mono-1.2.3.1~/mcs/class/corlib/Mono.Math/BigInteger.cs 2006-04-14 19:50:35.000000000 +0200
++++ mono-1.2.3.1/mcs/class/corlib/Mono.Math/BigInteger.cs 2007-11-21 14:15:43.720884895 +0100
+@@ -1574,7 +1574,7 @@
+ uint j = 1;
+
+ // Multiply and add
+- for (; j < m.length; j++) {
++ for (; j < m.length && j < A.length; j++) {
+ c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ *(aDP++) = (uint)c;
+ c >>= 32;
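Review bot: The new `j < A.length` bound in the multiply-and-add loop (applied identically to the Mono.Security and corlib copies of BigInteger.cs) appears to keep `aSP`/`aDP` from advancing past A, but when A is shorter than m it ends the loop early without signalling anything, so the reduction may be silently wrong for such operands rather than rejected; this is inferred, since the enclosing function starts and ends outside the embedded hunk. The code after the loop that consumes the remaining carry `c` is also not visible and should be checked to stay inside A. I would add a regression test that drives the Montgomery-based Pow path with an operand shorter than the modulus and compares the result against a plain modular exponentiation. Separately, the dpatch header still says `## DP: No description.`; replace it with something like `## DP: CVE-2007-5197: bound the Montgomery Reduce loop by A.length (buffer overflow in Mono.Math.BigInteger)`.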