diff -Nru /tmp/1tNJqHufrT/syslog-ng-1.9.11/debian/changelog /tmp/ZcKmz1UQVg/syslog-ng-1.9.11.1.1ubuntu0.1/debian/changelog
--- /tmp/1tNJqHufrT/syslog-ng-1.9.11/debian/changelog 2008-01-15 21:57:06.000000000 -0400
+++ /tmp/ZcKmz1UQVg/syslog-ng-1.9.11.1.1ubuntu0.1/debian/changelog 2008-01-15 21:54:35.000000000 -0400
@@ -1,3 +1,18 @@
+syslog-ng (1.9.11.1.1ubuntu0.1) edgy-security; urgency=low
+
+ * SECURITY UPDATE: Allows remote attackers to cause a denial of service
+ (crash) via a message with a timestamp that does not contain a trailing
+ space, which triggers a NULL pointer dereference.
+ * src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
+ in log message parsing, as done in upstream RCS
+ * References:
+ - http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
+ - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
+ - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
+ * Closes lp: #183389
+
+ -- Cody A.W. Somerville Tue, 15 Jan 2008 17:49:57 -0800
+
 syslog-ng (1.9.11-1.1) unstable; urgency=low
 * Non-maintainer upload
diff -Nru /tmp/1tNJqHufrT/syslog-ng-1.9.11/src/logmsg.c /tmp/ZcKmz1UQVg/syslog-ng-1.9.11.1.1ubuntu0.1/src/logmsg.c
--- /tmp/1tNJqHufrT/syslog-ng-1.9.11/src/logmsg.c 2006-04-10 17:29:14.000000000 -0300
+++ /tmp/ZcKmz1UQVg/syslog-ng-1.9.11.1.1ubuntu0.1/src/logmsg.c 2008-01-15 21:51:16.000000000 -0400
@@ -207,7 +207,10 @@
 p = memchr(src, ' ', left);
- stamp_length = (p - src);
+ if (p)
+ stamp_length = (p - src);
+ else
+ stamp_length = left;
 g_string_assign_len(self->date, src, stamp_length);
 memset(&tm, 0, sizeof(tm));
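Review bot: The `else` branch sets `stamp_length` to `left`, so when no space is found the date string covers the entire remaining buffer, and the statements that later advance `src` and reduce `left` past the stamp are outside this hunk. If they also step over the separator (a `stamp_length + 1` style skip, which is not visible here), `left` would go negative or `src` would move one byte past the input on exactly the malformed messages this patch targets, so that path should be checked against `left`. The fallback would also benefit from a one-line comment such as `/* no space after the stamp: treat the rest of the buffer as the timestamp */`, and from a regression test that feeds a timestamp with no trailing space. `log_msg_parse` begins and ends outside the hunk.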