diff -u ssmtp-2.61/debian/changelog ssmtp-2.61/debian/changelog
--- ssmtp-2.61/debian/changelog
+++ ssmtp-2.61/debian/changelog
@@ -1,3 +1,16 @@
+ssmtp (2.61-13ubuntu1.1) hardy-security; urgency=low
+
+ * SECURITY UPDATE: allow remote attackers to obtain sensitive
+ information (LP: #278978)
+ - debian/patches/02-CVE-2008-3962: adjust in ssmtp.c to fix
+ unitialized memory disclosure.
+ - CVE-2008-3962
+ * SECURITY UPDATE: Buffer overflow (LP: #282424)
+ - debian/patches/03_fix_buffer_overflow: adjust ssmtp.c to fix
+ a buffer overflow with using 2 bytes in length instead of one in buffer.
+
+ -- Nicolas Valcárcel Wed, 22 Oct 2008 14:32:59 -0500
+
 ssmtp (2.61-13ubuntu1) hardy; urgency=low
 * Merge from Debian unstable. Remaining Ubuntu changes:
only in patch2:
unchanged:
--- ssmtp-2.61.orig/debian/patches/02-CVE-2008-3962.dpatch
+++ ssmtp-2.61/debian/patches/02-CVE-2008-3962.dpatch
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 02-CVE-2008-3962.dpatch by Nicolas Valcárcel
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad ssmtp-2.61~/ssmtp.c ssmtp-2.61/ssmtp.c
+--- ssmtp-2.61~/ssmtp.c 2008-10-22 14:16:29.000000000 -0500
++++ ssmtp-2.61/ssmtp.c 2008-10-22 14:31:57.000000000 -0500
+@@ -483,6 +483,11 @@
+ die("from_format() -- snprintf() failed");
+ }
+ }
++ else {
++ if(snprintf(buf, BUF_SZ, "%s", str) == -1) {
++ die("from_format() -- snprintf() failed");
++ }
++ }
+ }
+
+ #if 0
only in patch2:
unchanged:
--- ssmtp-2.61.orig/debian/patches/03_fix_buffer_overflow.dpatch
+++ ssmtp-2.61/debian/patches/03_fix_buffer_overflow.dpatch
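Review bot: The new `else` fallback only covers the branch that closes at this hunk's `}` before `#if 0`; `from_format()` begins well above line 483, outside the hunk, and if the `override_from` arm up there has the same shape (a format into `buf` guarded by `minus_F`/`prog[0]` with no final `else`) then `buf` still reaches the return copy uninitialized on that path and the CVE-2008-3962 disclosure the changelog describes is only half closed — please confirm against the lines above. A fallback per arm is fragile; add `buf[0] = '\0';` right after the declaration of `buf` so any path that skips every `snprintf` yields an empty string rather than stack contents, and keep this `else` as the intended formatting. The fallback also hands `str` straight to `%s`; `str` is computed outside the hunk, so if it can be NULL here use `str ? str : ""`. Note that `== -1` only detects an encoding error and a return value `>= BUF_SZ` (truncation) is silently accepted, which is pre-existing but deserves a comment such as `/* truncation is tolerated: buf is only used as a display name */` if that is really intended.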
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 03_fix_buffer_overflow.dpatch by Nicolas Valcárcel
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad ssmtp-2.61~/ssmtp.c ssmtp-2.61/ssmtp.c
+--- ssmtp-2.61~/ssmtp.c 2008-10-22 14:16:29.000000000 -0500
++++ ssmtp-2.61/ssmtp.c 2008-10-22 14:29:28.000000000 -0500
+@@ -1361,7 +1361,7 @@
+ ssize_t outbytes = 0;
+
+ va_start(ap, format);
+- if(vsnprintf(buf, (BUF_SZ - 2), format, ap) == -1) {
++ if(vsnprintf(buf, BUF_SZ, format, ap) == -1) {
+ die("smtp_write() -- vsnprintf() failed");
+ }
+ va_end(ap);
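Review bot: Widening the `vsnprintf` bound from `BUF_SZ - 2` to `BUF_SZ` at the `- `/`+ ` pair is not obviously a fix and may move the overflow rather than remove it: `smtp_write()` continues outside the hunk, and if `buf` is `BUF_SZ + 1` bytes and the function later appends `"\r\n"` with `strcat` (the usual shape of this routine, to be confirmed against the lines below), a line that fills `BUF_SZ - 1` characters now leaves no room for the two-byte CRLF plus terminator — the original `- 2` looks like slack reserved for exactly that. Tie the bound to the declaration instead of a magic constant, `vsnprintf(buf, sizeof(buf) - 3, format, ap)`, and size `buf` so the CRLF always fits. Separately, `== -1` only catches encoding errors; a return value at or above the bound means the SMTP line was truncated and should also `die()` rather than be sent silently, e.g. `int n = vsnprintf(buf, sizeof(buf) - 3, format, ap); if (n < 0 || (size_t)n >= sizeof(buf) - 3) die("smtp_write() -- line too long");`. The dpatch header still says `DP: No description.`; give it the one-line rationale and the LP bug number so the next reader can tell which overflow this addresses.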