diff -u mpg123-1.4.3/src/libmpg123/id3.c mpg123-1.4.3/src/libmpg123/id3.c
--- mpg123-1.4.3/src/libmpg123/id3.c
+++ mpg123-1.4.3/src/libmpg123/id3.c
@@ -179,22 +179,22 @@
 */ void store_id3_text(mpg123_string *sb, char *source, size_t source_size, const int noquiet) {
- int encoding;
+ unsigned int encoding;
 int bwidth; if(!source_size) { debug("Empty id3 data!"); return; }
- encoding = source[0];
+ encoding = (unsigned int) source[0];
 ++source; --source_size;
- debug1("encoding: %i", encoding);
+ debug1("encoding: %u", encoding);
 /* A note: ID3v2.3 uses UCS-2 non-variable 16bit encoding, v2.4 uses UTF16. UTF-16 uses a reserved/private range in UCS-2 to add the magic, so we just always treat it as UTF. */ if(encoding > 3) {
- if(noquiet) warning1("Unknown text encoding %d, assuming ISO8859-1 - I will probably screw a bit up!", encoding);
+ if(noquiet) warning1("Unknown text encoding %u, assuming ISO8859-1 - I will probably screw a bit up!", encoding);
 encoding = 0; } bwidth = encoding_widths[encoding];
@@ -208,7 +208,7 @@
 if(source_size % bwidth) { /* When we need two bytes for a character, it's strange to have an uneven bytestream length. */
- if(noquiet) warning2("Weird tag size %d for encoding %d - I will probably trim too early or something but I think the MP3 is broken.", (int)source_size, encoding);
+ if(noquiet) warning2("Weird tag size %d for encoding %u - I will probably trim too early or something but I think the MP3 is broken.", (int)source_size, encoding);
 source_size -= source_size % bwidth; } text_converters[encoding](sb, (unsigned char*)source, source_size);
diff -u mpg123-1.4.3/debian/changelog mpg123-1.4.3/debian/changelog
--- mpg123-1.4.3/debian/changelog
+++ mpg123-1.4.3/debian/changelog
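Review bot: The new `encoding = (unsigned int) source[0];` still reads the byte through `char`, so where `char` is signed a tag byte of 0x80-0xFF is sign-extended and lands near UINT_MAX rather than at 128-255. The `encoding > 3` test does reject that value before it is used as an index into `encoding_widths` and `text_converters`, so the out-of-bounds access is closed, but the fix then rests on wrap-around and both warnings (here and in the `@@ -208` hunk) report a huge number instead of the byte found in the tag. Converting with `encoding = (unsigned char) source[0];` yields 0-255 directly, and a comment on the check such as `/* encoding indexes encoding_widths[] and text_converters[]; reject anything above 3 */` would record that this comparison is the bounds check. The body of store_id3_text continues between and after the two hunks, so anything that touches `encoding` or `source_size` there is not covered by this review.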
@@ -1,3 +1,15 @@
+mpg123 (1.4.3-3ubuntu0.1) intrepid-security; urgency=low
+
+ * SECURITY UPDATE: Integer signedness error in the store_id3_text function
+ in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause
+ a denial of service (out-of-bounds memory access) and possibly execute
+ arbitrary code via an ID3 tag with a negative encoding value. (LP: 370031).
+ - src/libmpg123/id3.c: Inline patch from upstream SVN rev 1920.
+ - http://www.mpg123.org/cgi-bin/viewvc.cgi/tags/1.7.2/?view=log
+ - CVE-2009-1301
+
+ -- Stefan Lesicnik Fri, 01 May 2009 09:24:44 +0200
+
 mpg123 (1.4.3-3) unstable; urgency=medium * src/libmpg123/id3.c: Apply upstream fix for out-of-bounds error in