diff -u php5-5.3.10/debian/changelog php5-5.3.10/debian/changelog
--- php5-5.3.10/debian/changelog
+++ php5-5.3.10/debian/changelog
@@ -1,3 +1,12 @@
+php5 (5.3.10-1ubuntu3.5) precise-security; urgency=low
+
+  * SECURITY UPDATE: data leak when encrypting empty data with openssl
+    (LP: #1099793)
+    - debian/patches/openssl_encrypt_uninitialized_variable.patch: initialize
+      variable even when input data size is 0.
+
+ -- Robie Basak <robie.basak@canonical.com>  Tue, 15 Jan 2013 16:09:05 +0000
+
 php5 (5.3.10-1ubuntu3.4) precise-security; urgency=low
 
   * SECURITY UPDATE: HTTP response-splitting issue with %0D sequences
diff -u php5-5.3.10/debian/patches/series php5-5.3.10/debian/patches/series
--- php5-5.3.10/debian/patches/series
+++ php5-5.3.10/debian/patches/series
@@ -72,0 +73 @@
+openssl_encrypt_uninitialized_variable.patch
only in patch2:
unchanged:
--- php5-5.3.10.orig/debian/patches/openssl_encrypt_uninitialized_variable.patch
+++ php5-5.3.10/debian/patches/openssl_encrypt_uninitialized_variable.patch
@@ -0,0 +1,19 @@
+Author: Anatoliy Belsky <ab@php.net>
+Origin: http://git.php.net/?p=php-src.git;a=commit;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e
+Bug: https://bugs.php.net/bug.php?id=61413
+Bug-Ubuntu: https://launchpad.net/bugs/1099793
+Description: fix uninitialized variable when encrypting empty data
+ Original description from VCS:
+     Fix bug #61413 ext\openssl\tests\openssl_encrypt_crash.phpt fails 5.3 only
+
+--- a/ext/openssl/openssl.c
++++ b/ext/openssl/openssl.c
+@@ -4677,7 +4677,7 @@
+ 	int data_len, method_len, password_len, iv_len = 0, max_iv_len;
+ 	const EVP_CIPHER *cipher_type;
+ 	EVP_CIPHER_CTX cipher_ctx;
+-	int i, outlen, keylen;
++	int i = 0, outlen, keylen;
+ 	unsigned char *outbuf, *key;
+ 	zend_bool free_iv;
+