diff -Nru nss-pam-ldapd-0.8.4ubuntu0.2/common/tio.c nss-pam-ldapd-0.8.4ubuntu0.3/common/tio.c
--- nss-pam-ldapd-0.8.4ubuntu0.2/common/tio.c	2012-06-20 16:23:34.000000000 +0100
+++ nss-pam-ldapd-0.8.4ubuntu0.3/common/tio.c	2014-07-29 12:20:25.000000000 +0100
@@ -183,6 +183,11 @@
   while (1)
   {
     /* prepare our filedescriptorset */
+    if (fp->fd>=FD_SETSIZE)
+    {
+      errno=EBADFD;
+      return -1;
+    }
     FD_ZERO(&fdset);
     FD_SET(fp->fd,&fdset);
     /* figure out the time we need to wait */
@@ -395,6 +400,11 @@
   fd_set fdset;
   int rv;
   /* prepare our filedescriptorset */
+  if (fp->fd>=FD_SETSIZE)
+  {
+    errno=EBADFD;
+    return -1;
+  }
   FD_ZERO(&fdset);
   FD_SET(fp->fd,&fdset);
   /* set the timeout to 0 to poll */
diff -Nru nss-pam-ldapd-0.8.4ubuntu0.2/debian/changelog nss-pam-ldapd-0.8.4ubuntu0.3/debian/changelog
--- nss-pam-ldapd-0.8.4ubuntu0.2/debian/changelog	2012-07-18 20:36:45.000000000 +0100
+++ nss-pam-ldapd-0.8.4ubuntu0.3/debian/changelog	2014-07-29 12:49:00.000000000 +0100
@@ -1,3 +1,16 @@
+nss-pam-ldapd (0.8.4ubuntu0.3) precise-security; urgency=low
+
+  * SECURITY UPDATE: denial of service related to incorrect use 
+    of the FD_SET macro.
+    - http://arthurdejong.org/nss-pam-ldapd/CVE-2013-0288
+    - common/tio.c added checks to make sure the file descriptor
+      can be stored in the file descriptor set, from upstream patch
+      http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81
+    - CVE-2013-0288
+    - LP: #1347614
+
+ -- Mike Heald <mike.heald@hp.com>  Tue, 29 Jul 2014 12:27:23 +0100
+
 nss-pam-ldapd (0.8.4ubuntu0.2) precise-proposed; urgency=low
 
   * use the configuration file contents to determine the authentication