diff -u php-imap-5.2.3/debian/changelog php-imap-5.2.3/debian/changelog
--- php-imap-5.2.3/debian/changelog
+++ php-imap-5.2.3/debian/changelog
@@ -1,3 +1,11 @@
+php-imap (5.2.3-0ubuntu3.1) hardy-security; urgency=low
+
+ * SECURITY UPDATE: unsafe usage of deprecated imap functions (LP: #485973)
+ - php_imap.c: apply patch taken from Debian
+ - CVE-2008-2829
+
+ -- Devid Antonio Filoni Wed, 06 Jan 2010 18:58:48 +0100
+
 php-imap (5.2.3-0ubuntu3) hardy; urgency=low
 * Rebuild for libc-client2006j2 -> libc-client2007 transition (LP: #192415).
only in patch2:
unchanged:
--- php-imap-5.2.3.orig/php_imap.c
+++ php-imap-5.2.3/php_imap.c
@@ -70,6 +70,7 @@
 static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
 static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC);
 static int _php_imap_address_size(ADDRESS *addresslist);
+static void _php_rfc822_write_address_len (char *dest, ADDRESS *adr, int len);
 /* the gets we use */
 static char *php_mail_gets(readfn_t f, void *stream, unsigned long size, GETS_DATA *md);
@@ -2137,7 +2138,7 @@
 }
 string[0]='\0';
- rfc822_write_address(string, addr);
+ _php_rfc822_write_address_len(string, addr, sizeof(string));
 RETVAL_STRING(string, 1);
 }
 /* }}} */
@@ -2906,13 +2907,13 @@
 if (env->from && _php_imap_address_size(env->from) < MAILTMPLEN) {
 env->from->next=NULL;
 address[0] = '\0';
- rfc822_write_address(address, env->from);
+ _php_rfc822_write_address_len(address, env->from, sizeof(address));;
 add_property_string(myoverview, "from", address, 1);
 }
 if (env->to && _php_imap_address_size(env->to) < MAILTMPLEN) {
 env->to->next = NULL;
 address[0] = '\0';
- rfc822_write_address(address, env->to);
+ _php_rfc822_write_address_len(address, env->to, sizeof(address));;
 add_property_string(myoverview, "to", address, 1);
 }
 if (env->date) {
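Review bot: The prototype added in the @@ -70 hunk takes the buffer size as `int len`, while the call sites added in the @@ -2137 and @@ -2906 hunks pass `sizeof(...)`, which is a `size_t`; a size that can be negative is a poor fit for a helper whose only job is to bound a write. Declaring it `static void _php_rfc822_write_address_len(char *dest, ADDRESS *adr, size_t len);` here and in the definition added by the @@ -3881 hunk removes the implicit narrowing. The @@ -3897 call appears to pass an `int` (the declaration of `len` there is outside the hunk), so that caller would need a positive-value check or a cast.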
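Review bot: In the @@ -2137 hunk, `sizeof(string)` is the correct write bound only while `string` is a fixed-size array local to this function; its declaration is outside the hunk, so that cannot be confirmed from here. The same holds for `sizeof(address)` in the @@ -2906 hunk. A one-line comment at each call, such as `/* string must stay an array: sizeof(string) is the write bound */`, would keep a later change to a heap buffer from silently turning the bound into the size of a pointer.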
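Review bot: Both replaced calls in the @@ -2906 hunk end in `;;`, for example `_php_rfc822_write_address_len(address, env->from, sizeof(address));;`. The second semicolon is an empty statement and is harmless inside these braced blocks, but it becomes a syntax error if the call is ever moved into an unbraced `if`/`else`; drop it on both lines. The enclosing function starts and ends outside the hunk.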
@@ -3881,6 +3882,34 @@
 }
 /* }}} */
+
+
+/* {{{ _php_rfc822_soutr
+ */
+static long _php_rfc822_soutr (void *stream,char *string)
+{
+ return NIL;
+}
+
+/* }}} */
+
+
+/* {{{ _php_rfc822_write_address_len
+ */
+static void _php_rfc822_write_address_len ( char *dest, ADDRESS *adr, int len)
+{
+ RFC822BUFFER buf;
+
+ buf.beg = dest;
+ buf.cur = buf.beg;
+ buf.end = buf.beg + len - 1;
+ buf.s = NIL;
+ buf.f = _php_rfc822_soutr;
+ rfc822_output_address_list (&buf, adr, 0, NIL);
+ *buf.cur = '\0';
+}
+
+/* }}} */
 /* {{{ _php_imap_parse_address
@@ -3897,7 +3926,7 @@
 if ((len = _php_imap_address_size(addresstmp))) {
 tmpstr = (char *) pemalloc(len + 1, 1);
 tmpstr[0] = '\0';
- rfc822_write_address(tmpstr, addresstmp);
+ _php_rfc822_write_address_len(tmpstr, addresstmp, len);
 *fulladdress = tmpstr;
 } else {
 *fulladdress = NULL;
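Review bot: `_php_rfc822_write_address_len` in the @@ -3881 hunk never validates `len`: with `len <= 0` the line `buf.end = buf.beg + len - 1;` computes a pointer before `dest`, and `*buf.cur = '\0';` still stores a byte into a buffer the caller described as empty. A guard such as `if (dest == NULL || len <= 0) return;` at the top of the function closes that. The result of `rfc822_output_address_list` is also discarded and `_php_rfc822_soutr` always returns NIL, so an address that does not fit appears to be cut short or dropped with no signal to the caller. The two empty `{{{` header comments should state that overflow is discarded on purpose and that `dest` is NUL-terminated on return.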
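Review bot: In the @@ -3897 hunk the size passed to the helper does not match the allocation in the context lines above it: `tmpstr` gets `len + 1` bytes from `pemalloc`, but the helper is told `len` and then sets `buf.end = buf.beg + len - 1`, so the tail of the buffer can never hold address text. If `_php_imap_address_size` returns a tight length (its body is not in this diff), the end of a valid address would be lost; `_php_rfc822_write_address_len(tmpstr, addresstmp, len + 1);` matches the bound to the buffer actually allocated. `_php_imap_parse_address` starts and ends outside the hunk.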