diff -Nru pgbouncer-1.5.2/debian/changelog pgbouncer-1.5.2/debian/changelog
--- pgbouncer-1.5.2/debian/changelog 2012-07-26 18:12:28.000000000 +0700
+++ pgbouncer-1.5.2/debian/changelog 2012-12-03 14:39:49.000000000 +0700
@@ -1,3 +1,13 @@
+pgbouncer (1.5.2-2ubuntu0.1) quantal-security; urgency=low
+
+ * SECURITY UPDATE: denial of service when too long db name is provided
+ (LP: #1083414)
+ - debian/patches/1-CVE-2012-4575.patch: objects.c(add_database): fail
+ gracefully if too long db name. Based on upstream patch.
+ - CVE-2012-4575
+
+ -- Christian Kuersteiner Mon, 03 Dec 2012 13:53:28 +0700
+
 pgbouncer (1.5.2-2) unstable; urgency=low
 
 * Init script: Use --oknodo. Closes: #681978.
diff -Nru pgbouncer-1.5.2/debian/control pgbouncer-1.5.2/debian/control
--- pgbouncer-1.5.2/debian/control 2012-04-30 19:32:31.000000000 +0700
+++ pgbouncer-1.5.2/debian/control 2012-12-03 14:43:45.000000000 +0700
@@ -1,5 +1,6 @@
 Source: pgbouncer
-Maintainer: Christoph Berg
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Christoph Berg
 Uploaders: Bernd Zeimetz , Peter Eisentraut
 Section: database
 Priority: optional
diff -Nru pgbouncer-1.5.2/debian/patches/1-CVE-2012-4575.patch pgbouncer-1.5.2/debian/patches/1-CVE-2012-4575.patch
--- pgbouncer-1.5.2/debian/patches/1-CVE-2012-4575.patch 1970-01-01 07:00:00.000000000 +0700
+++ pgbouncer-1.5.2/debian/patches/1-CVE-2012-4575.patch 2012-12-03 14:15:47.000000000 +0700
@@ -0,0 +1,21 @@
+## Description: denial of service when too long db name is provided
+## Origin/Author: ckuerste@gmx.ch
+## Bug: http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525
+## Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414
+Index: pgbouncer/src/objects.c
+===================================================================
+--- pgbouncer.orig/src/objects.c 2012-12-03 13:50:11.337434000 +0700
++++ pgbouncer/src/objects.c 2012-12-03 13:53:25.365116340 +0700
+@@ -303,7 +303,11 @@
+ return NULL;
+
+ list_init(&db->head);
+- safe_strcpy(db->name, name, sizeof(db->name));
++ if (strlcpy(db->name, name, sizeof(db->name)) >= sizeof(db->name)) {
++ log_warning("Too long db name: %s", name);
++ slab_free(db_cache, db);
++ return NULL;
++ }
+ put_in_order(&db->head, &database_list, cmp_database);
+ }
+
diff -Nru pgbouncer-1.5.2/debian/patches/series pgbouncer-1.5.2/debian/patches/series
--- pgbouncer-1.5.2/debian/patches/series 2012-04-26 23:13:06.000000000 +0700
+++ pgbouncer-1.5.2/debian/patches/series 2012-12-03 13:50:48.000000000 +0700
@@ -1 +1,2 @@
 debian-config
+1-CVE-2012-4575.patch
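Review bot: In the patch to src/objects.c, the new `log_warning("Too long db name: %s", name);` writes the entire rejected name to the log on exactly the path where the name is oversized and, going by the changelog entry, supplied from outside. Whether log_warning bounds or escapes its arguments is not visible here, so I would cap what gets logged, e.g. `log_warning("Too long db name: %.64s...", name);`, so repeated oversized requests cannot inflate the log. The new `return NULL;` also depends on every caller of add_database treating NULL as a soft failure, as the allocation-failure return just above it presumably does; the function starts and ends outside the hunk, so that needs checking against the callers. Separately, the patch header uses `##`-prefixed fields and lists the upstream commit under `Bug:`; DEP-3 would record it as `Origin: upstream, <commit URL>`.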