diff -u pgbouncer-1.3.1/debian/changelog pgbouncer-1.3.1/debian/changelog
--- pgbouncer-1.3.1/debian/changelog
+++ pgbouncer-1.3.1/debian/changelog
@@ -1,3 +1,13 @@
+pgbouncer (1.3.1-3ubuntu0.1) lucid-security; urgency=low
+
+ * SECURITY UPDATE: denial of service when too long db name is provided
+ (LP: #1083414)
+ - debian/patches/4-CVE-2012-4575.patch: objects.c(add_database): fail
+ gracefully if too long db name. Based on upstream patch.
+ - CVE-2012-4575
+
+ -- Christian Kuersteiner Fri, 07 Dec 2012 13:06:35 +0700
+
 pgbouncer (1.3.1-3) unstable; urgency=low
 
 * Really change the init script now - unfortunately the old one found
diff -u pgbouncer-1.3.1/debian/control pgbouncer-1.3.1/debian/control
--- pgbouncer-1.3.1/debian/control
+++ pgbouncer-1.3.1/debian/control
@@ -1,5 +1,6 @@
 Source: pgbouncer
-Maintainer: Fernando Ike de Oliveira
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Fernando Ike de Oliveira
 Uploaders: Bernd Zeimetz
 Section: database
 Priority: optional
diff -u pgbouncer-1.3.1/debian/patches/00list pgbouncer-1.3.1/debian/patches/00list
--- pgbouncer-1.3.1/debian/patches/00list
+++ pgbouncer-1.3.1/debian/patches/00list
@@ -1,0 +2 @@
+04-CVE-2012-4575.dpatch
only in patch2: unchanged:
--- pgbouncer-1.3.1.orig/debian/patches/04-CVE-2012-4575.dpatch
+++ pgbouncer-1.3.1/debian/patches/04-CVE-2012-4575.dpatch
@@ -0,0 +1,27 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## Description: fix for denial of service when too long db name is provided
+## Origin/Author: ckuerste@gmx.ch
+## Bug: http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525
+## Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pgbouncer/+bug/1083414
+## 04-CVE-2012-4575.dpatch by Christian Kuersteiner
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pgbouncer-1.3.1~/src/objects.c pgbouncer-1.3.1/src/objects.c
+--- pgbouncer-1.3.1~/src/objects.c 2009-05-22 21:39:09.000000000 +0700
++++ pgbouncer-1.3.1/src/objects.c 2012-12-07 13:06:29.483212784 +0700
+@@ -300,7 +300,11 @@
+ return NULL;
+
+ list_init(&db->head);
+- safe_strcpy(db->name, name, sizeof(db->name));
++ if (strlcpy(db->name, name, sizeof(db->name)) >= sizeof(db->name)) {
++ log_warning("Too long db name: %s", name);
++ obj_free(db_cache, db);
++ return NULL;
++ }
+ put_in_order(&db->head, &database_list, cmp_database);
+ }
+
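Review bot: The new `log_warning("Too long db name: %s", name);` in the objects.c hunk writes the rejected name to the log in full, and this branch runs only when the name is over-long, so whoever supplies the name decides how much text and which bytes land in each warning. Consider bounding what is logged, e.g. `log_warning("Too long db name: %.*s", (int)sizeof(db->name), name);`, assuming log_warning takes printf-style formats as the existing `%s` suggests. The failure path now returns NULL after `obj_free(db_cache, db)`; the hunk shows an earlier `return NULL;` in the same function, but add_database starts and ends outside the hunk and its callers are not visible, so it is worth confirming that each one handles NULL. Separately, the changelog entry names `debian/patches/4-CVE-2012-4575.patch` while the file actually added is `04-CVE-2012-4575.dpatch`, and the dpatch header still carries `## DP: No description.`.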