diff -u perl-5.8.8/debian/changelog perl-5.8.8/debian/changelog
--- perl-5.8.8/debian/changelog
+++ perl-5.8.8/debian/changelog
@@ -1,3 +1,20 @@
+perl (5.8.8-7ubuntu3.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE: Buffer overflow in the polymorphic opcode support
+ in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows
+ context-dependent attackers to execute arbitrary code by switching
+ from byte to Unicode (UTF) characters in a regular expressio
+ * debian/patches/49_CVE-2007-5116: Added patch according to debian to fix this issue
+ (Found in sourcepackage to: http://www.debian.org/security/2007/dsa-1400)
+ * References:
+ CVE-2007-5116
+ http://www.debian.org/security/2007/dsa-1400
+ http://public.activestate.com/cgi-bin/perlbrowse/30647
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450794
+
+
+ -- Stephan Hermann Mon, 12 Nov 2007 12:40:06 +0100
+
 perl (5.8.8-7ubuntu3) gutsy; urgency=low
 
 * Fix illegal Conflicts, based on existing versions of
only in patch2:
unchanged:
--- perl-5.8.8.orig/debian/patches/49_CVE-2007-5116
+++ perl-5.8.8/debian/patches/49_CVE-2007-5116
@@ -0,0 +1,65 @@
+This patches fixes CVE-2007-5116, a vulnerability in the regular
+expression compiler discovered by Tavis Ormandy and Will Drewry.
+
+Patch by Yves Orton via
+http://public.activestate.com/cgi-bin/perlbrowse/30647
+
+diff --git a/regcomp.c b/regcomp.c
+index add0a53..0fe4a2e 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -136,6 +136,7 @@ typedef struct RExC_state_t {
+ I32 seen_zerolen;
+ I32 seen_evals;
+ I32 utf8;
++ I32 orig_utf8;
+ #if ADD_TO_REGEXEC
+ char *starttry; /* -Dr: where regtry was called. */
+ #define RExC_starttry (pRExC_state->starttry)
+@@ -161,6 +162,7 @@ typedef struct RExC_state_t {
+ #define RExC_seen_zerolen (pRExC_state->seen_zerolen)
+ #define RExC_seen_evals (pRExC_state->seen_evals)
+ #define RExC_utf8 (pRExC_state->utf8)
++#define RExC_orig_utf8 (pRExC_state->orig_utf8)
+
+ #define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?')
+ #define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
+@@ -1749,15 +1751,17 @@ Perl_pregcomp(pTHX_ char *exp, char *xend, PMOP *pm)
+ if (exp == NULL)
+ FAIL("NULL regexp argument");
+
+- RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
++ RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+
+- RExC_precomp = exp;
+ DEBUG_r({
+ if (!PL_colorset) reginitcolors();
+ PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
+ PL_colors[4],PL_colors[5],PL_colors[0],
+- (int)(xend - exp), RExC_precomp, PL_colors[1]);
++ (int)(xend - exp), exp, PL_colors[1]);
+ });
++
++redo_first_pass:
++ RExC_precomp = exp;
+ RExC_flags = pm->op_pmflags;
+ RExC_sawback = 0;
+
+@@ -1783,6 +1787,17 @@ Perl_pregcomp(pTHX_ char *exp, char *xend, PMOP *pm)
+ RExC_precomp = Nullch;
+ return(NULL);
+ }
++ if (RExC_utf8 && !RExC_orig_utf8) {
++ STRLEN len = xend-exp;
++ DEBUG_r(PerlIO_printf(Perl_debug_log,
++ "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
++ exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
++ xend = exp + len;
++ RExC_orig_utf8 = RExC_utf8;
++ SAVEFREEPV(exp);
++ goto redo_first_pass;
++ }
++
+ DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
+
+ /* Small enough for pointer-storage convention?
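Review bot: The restart through `redo_first_pass` is only correct if every field the sizing pass mutates is reset after the label, and the hunk shows just `RExC_precomp`, `RExC_flags` and `RExC_sawback` there; the rest of Perl_pregcomp's initialisation lies outside the hunk, so this should be confirmed against the full function. The new `if (RExC_utf8 && !RExC_orig_utf8)` block carries no comment although its purpose is not obvious from the code; I would add `/* Pass 1 sized the program as bytes but the pattern turned out to need UTF-8: re-size from a UTF-8 copy so the emit pass stays within the allocation. */` above it. A second short comment at `RExC_orig_utf8 = RExC_utf8;` should state that this assignment is what limits the restart to a single iteration, since both flags are initialised above the label and are not recomputed on the second run. The patch also ships no regression test for the byte-to-UTF-8 switch, so a later change to the sizing pass could reintroduce the undersized buffer unnoticed.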