diff -Nru pdns-3.3.1/debian/changelog pdns-3.3.1/debian/changelog
--- pdns-3.3.1/debian/changelog	2014-06-24 14:50:20.000000000 +0200
+++ pdns-3.3.1/debian/changelog	2015-04-29 16:21:18.000000000 +0200
@@ -1,3 +1,11 @@
+pdns (3.3.1-4ubuntu0.1) utopic-security; urgency=medium
+
+  * SECURITY UPDATE: label decompression bug (LP: #1450037)
+    - debian/patches/CVE-2015-1868: apply upstream fix
+    - CVE-2015-1868
+
+ -- Felix Geyer <debfx@ubuntu.com>  Wed, 29 Apr 2015 16:21:06 +0200
+
 pdns (3.3.1-4) unstable; urgency=medium
 
   * Drop unused pdns-backend-mongodb.prerm file
diff -Nru pdns-3.3.1/debian/patches/CVE-2015-1868 pdns-3.3.1/debian/patches/CVE-2015-1868
--- pdns-3.3.1/debian/patches/CVE-2015-1868	1970-01-01 01:00:00.000000000 +0100
+++ pdns-3.3.1/debian/patches/CVE-2015-1868	2015-04-29 16:20:48.000000000 +0200
@@ -0,0 +1,28 @@
+Description: PowerDNS Security Advisory 2015-01: Label decompression bug can cause crashes on specific platforms
+Origin: https://downloads.powerdns.com/patches/2015-01/others.patch
+
+diff --git a/pdns/dnsparser.cc b/pdns/dnsparser.cc
+index 595a4af..b89d840 100644
+--- a/pdns/dnsparser.cc
++++ b/pdns/dnsparser.cc
+@@ -455,9 +455,10 @@ string PacketReader::getText(bool multi)
+ 
+ void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t& frompos, string& ret, int recurs) 
+ {
+-  if(recurs > 1000) // the forward reference-check below should make this test 100% obsolete
++  if(recurs > 100) // the forward reference-check below should make this test 100% obsolete
+     throw MOADNSException("Loop");
+ 
++  int pos = frompos;
+   for(;;) {
+     unsigned char labellen=content.at(frompos++);
+ 
+@@ -470,7 +471,7 @@ void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t&
+       uint16_t offset=256*(labellen & ~0xc0) + (unsigned int)content.at(frompos++) - sizeof(dnsheader);
+       //        cout<<"This is an offset, need to go to: "<<offset<<endl;
+ 
+-      if(offset >= frompos-2)
++      if(offset >= pos)
+         throw MOADNSException("forward reference during label decompression");
+       return getLabelFromContent(content, offset, ret, ++recurs);
+     }
diff -Nru pdns-3.3.1/debian/patches/series pdns-3.3.1/debian/patches/series
--- pdns-3.3.1/debian/patches/series	2014-06-09 20:57:50.000000000 +0200
+++ pdns-3.3.1/debian/patches/series	2015-04-29 16:20:57.000000000 +0200
@@ -1 +1,2 @@
 correct-rpath-and-pkglibdir
+CVE-2015-1868