diff -u mplayer-1.0~rc1/debian/changelog mplayer-1.0~rc1/debian/changelog
--- mplayer-1.0~rc1/debian/changelog
+++ mplayer-1.0~rc1/debian/changelog
@@ -1,3 +1,12 @@
+mplayer (2:1.0~rc1-0ubuntu13.1) gutsy-security; urgency=low
+
+  * SECURITY UPDATE: buffer overrun in mpdemux code (LP: #140891).
+  * libmpdemux/aviheader.c: Apply upstream patch.
+  * References:
+    - CVE-2007-4938
+
+ -- William Grant <william.grant@ubuntu.org.au>  Tue, 06 Nov 2007 17:20:30 +1100
+
 mplayer (2:1.0~rc1-0ubuntu13) gutsy; urgency=low
 
   * 01_default_config.dpatch: Fix typo that prevent the screensaver to be
only in patch2:
unchanged:
--- mplayer-1.0~rc1.orig/libmpdemux/aviheader.c
+++ mplayer-1.0~rc1/libmpdemux/aviheader.c
@@ -227,16 +227,16 @@
 	  
       print_avisuperindex_chunk(s,MSGL_V);
       
-      if( ((chunksize/4)/s->wLongsPerEntry) < s->nEntriesInUse){
-        mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk\n");
-        s->nEntriesInUse = (chunksize/4)/s->wLongsPerEntry;
-      }
-
       // Check and fix this useless crap
       if(s->wLongsPerEntry != sizeof (avisuperindex_entry)/4) {
           mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk size: %u\n",s->wLongsPerEntry);
           s->wLongsPerEntry = sizeof(avisuperindex_entry)/4;
       }
+      if( ((chunksize/4)/s->wLongsPerEntry) < s->nEntriesInUse){
+        mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk\n");
+        s->nEntriesInUse = (chunksize/4)/s->wLongsPerEntry;
+      }
+
       s->aIndex = calloc(s->nEntriesInUse, sizeof (avisuperindex_entry));
       s->stdidx = calloc(s->nEntriesInUse, sizeof (avistdindex_chunk));