diff -Nru pgbouncer-1.4.2/debian/changelog pgbouncer-1.4.2/debian/changelog
--- pgbouncer-1.4.2/debian/changelog 2011-07-11 00:19:25.000000000 +0700
+++ pgbouncer-1.4.2/debian/changelog 2012-12-06 12:58:01.000000000 +0700
@@ -1,3 +1,13 @@
+pgbouncer (1.4.2-1ubuntu0.1) oneiric-security; urgency=low
+
+ * SECURITY UPDATE: denial of service when too long db name is provided
+ (LP: #1083414)
+ - debian/patches/3-CVE-2012-4575.patch: objects.c(add_database): fail
+ gracefully if too long db name. Based on upstream patch.
+ - CVE-2012-4575
+
+ -- Christian Kuersteiner Thu, 06 Dec 2012 12:46:08 +0700
+
 pgbouncer (1.4.2-1build1) oneiric; urgency=low
 
 * No change rebuild against new libevent.
diff -Nru pgbouncer-1.4.2/debian/control pgbouncer-1.4.2/debian/control
--- pgbouncer-1.4.2/debian/control 2011-04-12 18:52:02.000000000 +0700
+++ pgbouncer-1.4.2/debian/control 2012-12-06 12:56:54.000000000 +0700
@@ -1,5 +1,6 @@
 Source: pgbouncer
-Maintainer: Christoph Berg
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Christoph Berg
 Uploaders: Bernd Zeimetz , Peter Eisentraut
 Section: database
 Priority: optional
diff -Nru pgbouncer-1.4.2/debian/patches/3-CVE-2012-4575.patch pgbouncer-1.4.2/debian/patches/3-CVE-2012-4575.patch
--- pgbouncer-1.4.2/debian/patches/3-CVE-2012-4575.patch 1970-01-01 07:00:00.000000000 +0700
+++ pgbouncer-1.4.2/debian/patches/3-CVE-2012-4575.patch 2012-12-06 12:59:53.000000000 +0700
@@ -0,0 +1,21 @@
+## Description: fix for denial of service when too long db name is provided
+## Origin/Author: ckuerste@gmx.ch
+## Bug: http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525
+## Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414
+Index: pgbouncer-1.4.2/src/objects.c
+===================================================================
+--- pgbouncer-1.4.2.orig/src/objects.c 2011-03-30 05:49:12.000000000 +0700
++++ pgbouncer-1.4.2/src/objects.c 2012-12-06 12:37:51.111247878 +0700
+@@ -303,7 +303,11 @@
+ return NULL;
+
+ list_init(&db->head);
+- safe_strcpy(db->name, name, sizeof(db->name));
++ if (strlcpy(db->name, name, sizeof(db->name)) >= sizeof(db->name)) {
++ log_warning("Too long db name: %s", name);
++ slab_free(db_cache, db);
++ return NULL;
++ }
+ put_in_order(&db->head, &database_list, cmp_database);
+ }
+
diff -Nru pgbouncer-1.4.2/debian/patches/series pgbouncer-1.4.2/debian/patches/series
--- pgbouncer-1.4.2/debian/patches/series 2011-04-12 19:00:57.000000000 +0700
+++ pgbouncer-1.4.2/debian/patches/series 2012-12-06 12:35:51.000000000 +0700
@@ -1 +1,2 @@
 debian-config
+3-CVE-2012-4575.patch
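Review bot: The added `log_warning("Too long db name: %s", name);` in the src/objects.c hunk of 3-CVE-2012-4575.patch writes the rejected name to the log in full. That name is by construction longer than `db->name`, and going by the changelog's denial-of-service description it is presumably supplied by the client. Unless the logger already truncates and escapes its arguments (not visible here), bound what is printed, e.g. `log_warning("Too long db name: %.*s", (int)sizeof(db->name), name);`, so oversized or control-character-laden names cannot bloat or confuse the log. add_database() starts and ends outside this hunk, so it cannot be checked here that every caller handles the new NULL return, though the earlier `return NULL;` in the context suggests callers already expect one.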