diff -u ripperx-2.7.2/debian/control ripperx-2.7.2/debian/control
--- ripperx-2.7.2/debian/control
+++ ripperx-2.7.2/debian/control
@@ -1,7 +1,8 @@
 Source: ripperx
 Section: sound
 Priority: optional
-Maintainer: tony mancill
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: tony mancill
 Uploaders: gregor herrmann
 Build-Depends: debhelper (>= 6.0), libgtk2.0-dev, libglib2.0-dev, libid3-dev, libz-dev, autoconf
diff -u ripperx-2.7.2/debian/changelog ripperx-2.7.2/debian/changelog
--- ripperx-2.7.2/debian/changelog
+++ ripperx-2.7.2/debian/changelog
@@ -1,3 +1,12 @@
+ripperx (2.7.2-3ubuntu0.10.04.1) lucid-proposed; urgency=low
+
+ * Fix buffer overflows (LP: #514739)
+ - src/job_control.c: allow more than one digit track numbers.
+ - src/ripper_encoder_manipulation.c: only add path if it isn't already
+ present.
+
+ -- Marc Deslauriers Tue, 28 Dec 2010 13:30:33 -0500
+
 ripperx (2.7.2-3) unstable; urgency=low
 * Update Gregor's email address in debian/control.
only in patch2:
unchanged:
--- ripperx-2.7.2.orig/src/job_control.c
+++ ripperx-2.7.2/src/job_control.c
@@ -432,13 +432,15 @@
 int madewavs = FALSE;
 int mademp3s = FALSE;
 int tracksdone = 0;
- char s_track_num[2];
+ char *s_track_num;
 char *artist;
 ID3Tag *myTag;
 FILE *fp_playlist = NULL;
 char playlist_filespec[ MAX_FILE_PATH_LENGTH + MAX_FILE_NAME_LENGTH ];
+ /* Allocate space dynamically. This is overkill, but certainly won't be a problem. */
+ s_track_num = (char *) malloc((main_data->num_tracks + 2) * sizeof(char));
 buffer[0] = 0; /* Clean up */
@@ -515,6 +517,7 @@
 }
 main_data->track[ i ].make_mp3 = FALSE;
 } /* end loop over all tracks */
+ free(s_track_num);
 if (( config.cddb_config.create_playlist == TRUE ) && ( fp_playlist != NULL )) fclose( fp_playlist );
only in patch2:
unchanged:
--- ripperx-2.7.2.orig/src/ripper_encoder_manipulation.c
+++ ripperx-2.7.2/src/ripper_encoder_manipulation.c
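Review bot: In src/job_control.c the result of `malloc` for `s_track_num` is used without a NULL check, and the buffer is sized from the track count (`main_data->num_tracks + 2`) rather than from the width of the formatted track number, which the added comment itself calls overkill. A fixed `char s_track_num[16];` filled through `snprintf(s_track_num, sizeof s_track_num, ...)` would bound the write and remove both the allocation and the `free` added in the `@@ -515,6 +517,7 @@` hunk. The statement that writes into the buffer and any early exits between the allocation and the `free` lie outside these hunks, so whether a path leaks the buffer or the write is otherwise bounded cannot be confirmed from here.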
@@ -231,9 +231,14 @@
 // Debian modification for alternate plugin location
 //
 char debian_path[ MAX_COMMAND_LENGTH ];
- strcpy(debian_path, "/usr/lib/ripperx:");
- strcat(debian_path, getenv("PATH"));
- setenv("PATH", debian_path, 1);
+ char *path = getenv("PATH");
+ char *found = strstr(path, "/usr/lib/ripperx:");
+ if(found == NULL) /* Only add the path if it isn't already present. */
+ {
+ strcpy(debian_path, "/usr/lib/ripperx:");
+ strcat(debian_path, getenv("PATH"));
+ setenv("PATH", debian_path, 1);
+ }
 // end Debian modifications
 // parse/expand program command
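Review bot: The `strcpy`/`strcat` into `debian_path[ MAX_COMMAND_LENGTH ]` is still unbounded inside the new `if`, so a `PATH` value longer than the buffer overflows it on the first call; the guard only stops the prefix from being prepended again on later calls. `getenv("PATH")` can also return NULL, which now reaches `strstr` as well as `strcat`, and the new `path` variable is not reused for the second lookup. Building the value with `snprintf` and skipping `setenv` when the result does not fit would close both gaps, as sketched below. The enclosing function starts and ends outside the hunk.

```c
char debian_path[ MAX_COMMAND_LENGTH ];
const char *path = getenv("PATH");
if (path == NULL || *path == '\0') {
    /* PATH unset or empty: no trailing ':' here, since an empty PATH
       element is read as the current directory. */
    setenv("PATH", "/usr/lib/ripperx", 1);
} else if (strstr(path, "/usr/lib/ripperx:") == NULL) {
    int n = snprintf(debian_path, sizeof debian_path, "/usr/lib/ripperx:%s", path);
    if (n > 0 && (size_t) n < sizeof debian_path)
        setenv("PATH", debian_path, 1);
    /* else: PATH does not fit in debian_path; leave it unchanged */
}
// … unchanged: end of Debian modifications, command parsing …
```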