diff -Nru /tmp/Qn3JpTHgkg/openssh-4.3p2/clientloop.c /tmp/WWcuAA4NBi/openssh-4.3p2/clientloop.c
--- /tmp/Qn3JpTHgkg/openssh-4.3p2/clientloop.c 2007-11-12 12:24:06.000000000 +0100
+++ /tmp/WWcuAA4NBi/openssh-4.3p2/clientloop.c 2007-11-12 12:24:08.000000000 +0100
@@ -279,6 +279,29 @@
 got_data = 1;
 if (f)
 pclose(f);
+
+ /*
+ * When in untrusted mode, we read the cookie only if it was
+ * successfully generated as an untrusted one in the step
+ * above.
+ */
+ if (trusted || generated) {
+ snprintf(cmd, sizeof(cmd),
+ "%s %s%s list %s 2>" _PATH_DEVNULL,
+ xauth_path,
+ generated ? "-f " : "" ,
+ generated ? xauthfile : "",
+ display);
+ debug2("x11_get_proto: %s", cmd);
+ f = popen(cmd, "r");
+ if (f && fgets(line, sizeof(line), f) &&
+ sscanf(line, "%*s %511s %511s", proto, data) == 2)
+ got_data = 1;
+ if (f)
+ pclose(f);
+ } else
+ error("Warning: untrusted X11 forwarding setup failed: "
+ "xauth key data not generated");
 }
 
 if (do_unlink) {
diff -Nru /tmp/Qn3JpTHgkg/openssh-4.3p2/debian/changelog /tmp/WWcuAA4NBi/openssh-4.3p2/debian/changelog
--- /tmp/Qn3JpTHgkg/openssh-4.3p2/debian/changelog 2007-11-12 12:24:06.000000000 +0100
+++ /tmp/WWcuAA4NBi/openssh-4.3p2/debian/changelog 2007-11-12 12:24:08.000000000 +0100
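Review bot: The unguarded cookie read that this fix is meant to restrict appears to still be in place above the added block: the hunk removes no lines (`-279,6 +279,29`), and its leading context `got_data = 1; if (f) pclose(f);` looks like the tail of an existing `popen`/`sscanf` read identical to the one added here. If so, in untrusted mode with `generated` unset, `proto` and `data` are already filled from the trusted cookie and `got_data` is already 1 before `if (trusted || generated)` is evaluated, so the `else` branch only logs and the CVE-2007-4752 behaviour described in the changelog persists. The earlier `snprintf`/`popen`/`fgets`/`sscanf` sequence should be deleted so that the guarded block is the only place that sets `got_data`; check this against the upstream r1.180 to r1.181 diff cited in the changelog. The start of that earlier read and of the enclosing function lie outside the hunk, so this needs confirming against the full file.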
@@ -1,3 +1,18 @@
+openssh (1:4.3p2-5ubuntu1.1) edgy-security; urgency=low
+
+ * SECURITY UPDATE: ssh in OpenSSH before 4.7 does not properly handle when an untrusted
+ cookie cannot be created and uses a trusted X11 cookie instead, which
+ allows attackers to violate intended policy and gain privileges by
+ causing an X client to be treated as trusted.
+ * clientloop.c: Applied patch according to openssh upstream (LP: #162171)
+ (see: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/clientloop.c.diff?r1=1.180&r2=1.181)
+ * References:
+ CVE-2007-4752
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444738
+ http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/clientloop.c.diff?r1=1.180&r2=1.181
+
+ -- Stephan Hermann Mon, 12 Nov 2007 11:37:04 +0100
+
 openssh (1:4.3p2-5ubuntu1) edgy; urgency=low
 
 * Resynchronise with Debian.