diff -u ssmtp-2.62/debian/patches/series ssmtp-2.62/debian/patches/series
--- ssmtp-2.62/debian/patches/series
+++ ssmtp-2.62/debian/patches/series
@@ -2,0 +3 @@
+02-CVE-2008-3962
diff -u ssmtp-2.62/debian/changelog ssmtp-2.62/debian/changelog
--- ssmtp-2.62/debian/changelog
+++ ssmtp-2.62/debian/changelog
@@ -1,3 +1,10 @@
+ssmtp (2.62-1ubuntu2) intrepid; urgency=low
+
+ * Added patch 02-CVE-2008-3962 taken from Debian BTS
+ to fix a potential remote attack. (LP: #278978)
+
+ -- Stefan Ebner Tue, 07 Oct 2008 16:22:39 +0200
+
 ssmtp (2.62-1ubuntu1) intrepid; urgency=low
 
 * Merge from Debian unstable. (LP: #231370) Remaining Ubuntu changes:
only in patch2:
unchanged:
--- ssmtp-2.62.orig/debian/patches/02-CVE-2008-3962
+++ ssmtp-2.62/debian/patches/02-CVE-2008-3962
@@ -0,0 +1,16 @@
+Index: ssmtp-2.62/ssmtp.c
+===================================================================
+--- ssmtp-2.62.orig/ssmtp.c 2008-10-02 14:15:39.000000000 +0200
++++ ssmtp-2.62/ssmtp.c 2008-10-02 14:15:41.000000000 +0200
+@@ -485,6 +485,11 @@
+ die("from_format() -- snprintf() failed");
+ }
+ }
++ else {
++ if(snprintf(buf, BUF_SZ, "%s", str) == -1) {
++ die("from_format() -- snprintf() failed");
++ }
++ }
+ }
+
+ #if 0
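Review bot: The new `else` branch in the embedded ssmtp.c hunk tests `snprintf(buf, BUF_SZ, "%s", str) == -1`, which catches only an output error. A `str` longer than the buffer is truncated silently, because snprintf then returns the length it would have written rather than -1. Checking the result against the size, `int n = snprintf(buf, BUF_SZ, "%s", str);` followed by `if(n < 0 || n >= BUF_SZ) die("from_format() -- snprintf() failed");`, would reject an over-long value instead of continuing with a cut-off one. This assumes BUF_SZ is the size of `buf`, which is declared outside the hunk, as is the start of from_format(). The context branch just above uses the same `== -1` test. A one-line comment such as `/* no format option applied: still fill buf so the caller never reads it unset */` would record why the branch exists, if that is indeed the reason.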