diff -u ssmtp-2.61/debian/control ssmtp-2.61/debian/control
--- ssmtp-2.61/debian/control
+++ ssmtp-2.61/debian/control
@@ -1,7 +1,8 @@
 Source: ssmtp
 Section: mail
 Priority: extra
-Maintainer: Anibal Monsalve Salazar
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Anibal Monsalve Salazar
 Uploaders: Santiago Ruano Rincon
 Build-Depends: po-debconf, libssl-dev
 Standards-Version: 3.6.2
diff -u ssmtp-2.61/debian/changelog ssmtp-2.61/debian/changelog
--- ssmtp-2.61/debian/changelog
+++ ssmtp-2.61/debian/changelog
@@ -1,3 +1,16 @@
+ssmtp (2.61-5ubuntu0.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: allow remote attackers to obtain sensitive
+ information (LP: #278978)
+ - debian/patches/02-CVE-2008-3962: adjust in ssmtp.c to fix
+ unitialized memory disclosure.
+ - CVE-2008-3962
+ * SECURITY UPDATE: Buffer overflow (LP: #282424)
+ - debian/patches/03_fix_buffer_overflow: adjust ssmtp.c to fix
+ a buffer overflow with using 2 bytes in length instead of one in buffer.
+
+ -- Nicolas Valcárcel Wed, 22 Oct 2008 14:32:59 -0500
+
 ssmtp (2.61-5) unstable; urgency=high
 
 * Fixed "broken pipe -- ssmtp exits before end of input", closes:
diff -u ssmtp-2.61/debian/rules ssmtp-2.61/debian/rules
--- ssmtp-2.61/debian/rules
+++ ssmtp-2.61/debian/rules
@@ -7,6 +7,8 @@
 CC=gcc
 CFLAGS=-O2 -g -Wall
 
+include /usr/share/dpatch/dpatch.make
+
 do_cfg:
 test -f Makefile || ./configure --exec-prefix="/usr" --prefix="" --enable-ssl --with-cflags="$(CFLAGS)"
 
only in patch2:
unchanged:
--- ssmtp-2.61.orig/debian/patches/02-CVE-2008-3962.dpatch
+++ ssmtp-2.61/debian/patches/02-CVE-2008-3962.dpatch
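Review bot: Adding `include /usr/share/dpatch/dpatch.make` to debian/rules does not by itself apply 02-CVE-2008-3962.dpatch and 03_fix_buffer_overflow.dpatch at build time; dpatch also needs both names listed in `debian/patches/00list` and the build and clean targets made to depend on `patch` and `unpatch` (for example `build: patch` and `clean: unpatch`). Neither a 00list change nor those target dependencies appear anywhere in this debdiff, so either they already exist outside the shown hunk or the two security fixes are shipped as files but never applied to ssmtp.c. The rest of debian/rules, including the build and clean targets, is outside the hunk, so this is worth confirming on the built tree rather than inferred from the diff.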
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 02-CVE-2008-3962.dpatch by Nicolas Valcárcel
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad ssmtp-2.61~/ssmtp.c ssmtp-2.61/ssmtp.c
+--- ssmtp-2.61~/ssmtp.c 2008-10-22 14:16:29.000000000 -0500
++++ ssmtp-2.61/ssmtp.c 2008-10-22 14:31:57.000000000 -0500
+@@ -483,6 +483,11 @@
+ die("from_format() -- snprintf() failed");
+ }
+ }
++ else {
++ if(snprintf(buf, BUF_SZ, "%s", str) == -1) {
++ die("from_format() -- snprintf() failed");
++ }
++ }
+ }
+ 
+ #if 0
only in patch2:
unchanged:
--- ssmtp-2.61.orig/debian/patches/03_fix_buffer_overflow.dpatch
+++ ssmtp-2.61/debian/patches/03_fix_buffer_overflow.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 03_fix_buffer_overflow.dpatch by Nicolas Valcárcel
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad ssmtp-2.61~/ssmtp.c ssmtp-2.61/ssmtp.c
+--- ssmtp-2.61~/ssmtp.c 2008-10-22 14:16:29.000000000 -0500
++++ ssmtp-2.61/ssmtp.c 2008-10-22 14:29:28.000000000 -0500
+@@ -1361,7 +1361,7 @@
+ ssize_t outbytes = 0;
+ 
+ va_start(ap, format);
+- if(vsnprintf(buf, (BUF_SZ - 2), format, ap) == -1) {
++ if(vsnprintf(buf, BUF_SZ, format, ap) == -1) {
+ die("smtp_write() -- vsnprintf() failed");
+ }
+ va_end(ap);
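Review bot: The new `else` branch in from_format() fills `buf` only on the path this hunk touches, and the five context lines are not enough to confirm that every other path through the function writes `buf` before the function uses it, so the hunk as shown is a single-path repair of CVE-2008-3962 rather than a guarantee against the disclosure. If `buf` is a local array, initialising it at its declaration (constructed example: `char buf[BUF_SZ + 1] = "";`, adjusted to the real declaration, which is outside this hunk) closes the uninitialised-read on all paths regardless of branch coverage. The `== -1` test also catches only an encoding error: snprintf returns a negative value (not necessarily -1) on error and a count of at least BUF_SZ when `str` does not fit, in which case the header is silently truncated, so `if(n < 0 || n >= BUF_SZ)` is the check that matches the failure message; the same applies to the vsnprintf() call in 03_fix_buffer_overflow.dpatch. The header still reads `## DP: No description.`, and dpatch's own template asks for a one-liner such as `## DP: CVE-2008-3962: initialise buf in from_format() on the previously unhandled path`. from_format() begins and ends outside the hunk.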
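Review bot: Raising the vsnprintf() bound from `(BUF_SZ - 2)` to `BUF_SZ` widens what can be written into `buf`, so it fixes the overflow the changelog describes (LP: #282424) only if `buf` is declared with at least BUF_SZ bytes plus room for anything smtp_write() appends after `va_end(ap)`; both the declaration and the code that follows are outside this hunk, so that relationship should be checked against the source rather than inferred from the removed -2. If `buf` is a local array, tying the bound to it — `vsnprintf(buf, sizeof buf - RESERVED, format, ap)` with RESERVED a placeholder for a named constant counting the bytes appended after the formatted text — keeps the invariant local to the function and survives a later change of the declaration. The `## DP: No description.` header should name the bug, e.g. `## DP: LP: #282424: correct the vsnprintf() bound in smtp_write()`. smtp_write() starts and ends outside the hunk.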