diff -u ufraw-0.19.2/debian/changelog ufraw-0.19.2/debian/changelog
--- ufraw-0.19.2/debian/changelog
+++ ufraw-0.19.2/debian/changelog
@@ -1,3 +1,24 @@
+ufraw (0.19.2-2ubuntu1) saucy; urgency=low
+
+ * Merge from Debian unstable. (LP: #1223563) Remaining changes:
+ - debian/control:
+ + B-D on libtiff-dev rather than libtiff5-dev | libtiff-dev.
+ + B-D on libjpeg-dev rather than libjpeg8-dev | libjpeg-dev.
+ * Dropped following changes, already fixed in Debian:
+ - B-D on liblensfun-dev (>= 0.2.5) rather than (> 0.2.5).
+ * This upload contains security fixes:
+ - CVE-2013-1438
+
+ -- Artur Rona Tue, 10 Sep 2013 22:55:02 +0200
+
+ufraw (0.19.2-2) unstable; urgency=low
+
+ * debian/control: fix deprecated version dependency format
+ * dcraw.cc: data check patch from libraw
+ (closes: #721234, CVE-2013-1438)
+
+ -- Hubert Chathi Sun, 01 Sep 2013 00:19:30 -0400
+
 ufraw (0.19.2-1ubuntu1) saucy; urgency=low
 
 * Reinstate Ubuntu changes in debian/control:
only in patch2:
unchanged:
--- ufraw-0.19.2.orig/dcraw.cc
+++ ufraw-0.19.2/dcraw.cc
@@ -5330,6 +5330,7 @@
 data_offset = get4()+base;
 ifd++; break;
 }
+ if(len > 1000) len=1000; /* 1000 SubIFDs is enough */
 while (len--) {
 i = ftell(ifp);
 fseek (ifp, get4()+base, SEEK_SET);
@@ -5543,7 +5544,7 @@
 break;
 case 50715: /* BlackLevelDeltaH */
 case 50716: /* BlackLevelDeltaV */
- for (num=i=0; i < (int) len; i++)
+ for (num=i=0; i < (int) len && i < 65536; i++)
 num += getreal(type);
 black += num/len + 0.5;
 break;
@@ -5669,9 +5670,12 @@
 if (thumb_offset) {
 fseek (ifp, thumb_offset, SEEK_SET);
 if (ljpeg_start (&jh, 1)) {
- thumb_misc = jh.bits;
- thumb_width = jh.wide;
- thumb_height = jh.high;
+ if((unsigned)jh.bits<17 && (unsigned)jh.wide < 0x10000 && (unsigned)jh.high < 0x10000)
+ {
+ thumb_misc = jh.bits;
+ thumb_width = jh.wide;
+ thumb_height = jh.high;
+ }
 }
 }
 for (i=0; i < (int) tiff_nifds; i++) {
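Review bot: The clamp `if(len > 1000) len=1000;` uses a bare magic number and silently drops every SubIFD entry past the limit, with no trace left for anyone debugging a file that hits it; a named constant such as `#define MAX_SUBIFDS 1000` (in whatever form the file already uses for limits) with the existing comment attached to it would make the policy discoverable. The clamp only bounds how many times the following `while (len--)` loop runs; what the loop body does with each entry after the `fseek (ifp, get4()+base, SEEK_SET)` is outside the hunk, so any limits on nesting depth would have to be checked there. The enclosing function starts and ends outside this hunk.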
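Review bot: The new `i < 65536` bound stops the summation, but `black += num/len + 0.5;` on the next line still divides by the full `len`, so a BlackLevelDelta tag longer than 65536 entries now contributes `num` scaled by 65536/len rather than the average of the values actually read. Capping the length once before the loop keeps the divisor and the loop in step: `if (len > 65536) len = 65536;` followed by the original `for (num=i=0; i < (int) len; i++)`. The `len == 0` case divides by zero exactly as before the change; whether `num` is a floating-point accumulator, which would make that a non-trapping inf rather than a fault, is not visible in the hunk. The enclosing switch and function continue outside the hunk.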
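Review bot: When the new check on `jh.bits`, `jh.wide` and `jh.high` fails, the header is ignored but `thumb_offset` stays non-zero and `thumb_misc`/`thumb_width`/`thumb_height` keep whatever they held before, so later code that keys off `thumb_offset` the way `if (thumb_offset) {` at the top of this hunk does (such code is outside the hunk, so this is inferred) may still treat a thumbnail with unvalidated dimensions as present; adding `} else thumb_offset = 0;` after the new block would make the rejection explicit, given that zero already means "no thumbnail" here. The rejection is also silent; if the file has a verbose/debug path, a one-line message there would help when a camera file unexpectedly loses its thumbnail. Stylistically the new `if((unsigned)jh.bits<17 && ...` with the brace on its own line departs from the surrounding K&R form of `if (ljpeg_start (&jh, 1)) {`; `if ((unsigned)jh.bits < 17 && (unsigned)jh.wide < 0x10000 && (unsigned)jh.high < 0x10000) {` would match. The enclosing function continues past the hunk.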
@@ -5679,7 +5683,8 @@
 max_samp = tiff_ifd[i].samples;
 if (max_samp > 3) max_samp = 3;
 if ((tiff_ifd[i].comp != 6 || tiff_ifd[i].samples != 3) &&
- (tiff_ifd[i].width | tiff_ifd[i].height) < 0x10000 &&
+ unsigned(tiff_ifd[i].width | tiff_ifd[i].height) < 0x10000 &&
+ (unsigned)tiff_ifd[i].bps < 33 && (unsigned)tiff_ifd[i].samples < 13 &&
 tiff_ifd[i].width*tiff_ifd[i].height > raw_width*raw_height) {
 raw_width = tiff_ifd[i].width;
 raw_height = tiff_ifd[i].height;
@@ -5763,6 +5768,8 @@
 is_raw = 0;
 for (i=0; i < (int) tiff_nifds; i++)
 if (i != raw && tiff_ifd[i].samples == max_samp &&
+ tiff_ifd[i].bps>0 && tiff_ifd[i].bps < 33 &&
+ unsigned(tiff_ifd[i].width | tiff_ifd[i].height) < 0x10000 &&
 tiff_ifd[i].width * tiff_ifd[i].height / SQR(tiff_ifd[i].bps+1) >
 (int)(thumb_width * thumb_height / SQR(thumb_misc+1)) &&
 tiff_ifd[i].comp != 34892) {
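Review bot: The new bound keeps `width` and `height` each below 0x10000, but the product `tiff_ifd[i].width*tiff_ifd[i].height` on the line after the added checks can still reach nearly 2^32, which is signed overflow if those fields are `int` (their declaration is outside the hunk, so this is inferred); the `unsigned(...)` cast applies only to the OR in the comparison and does not carry over to the multiplication. Either tighten the bound or widen the product, e.g. `(long long)tiff_ifd[i].width*tiff_ifd[i].height > (long long)raw_width*raw_height) {`. The same pattern appears in the `@@ -5763` hunk below, where `tiff_ifd[i].width * tiff_ifd[i].height / SQR(tiff_ifd[i].bps+1)` is guarded by the identical 0x10000 check. Separately, `unsigned(...)` is a C++ functional cast while the very next added line uses C-style `(unsigned)tiff_ifd[i].bps`; `(unsigned)(tiff_ifd[i].width | tiff_ifd[i].height) < 0x10000 &&` in both hunks would keep the file's C-compatible style. The enclosing loop and function continue outside the hunk.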
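Review bot: The sanity conditions added here duplicate those added in the `@@ -5679` hunk but not identically: this loop requires `tiff_ifd[i].bps>0 && tiff_ifd[i].bps < 33` while the raw-IFD selection accepts `bps == 0` via `(unsigned)tiff_ifd[i].bps < 33`, so the two IFD scans can disagree on which entries are well-formed. If the difference is deliberate, a comment on the `bps>0` line saying why a zero bit depth is acceptable for the raw IFD but not the thumbnail would save the next reader the comparison; if not, a single predicate function that both loops call (the IFD struct's type name is outside the hunk) would keep them in step. The spacing `bps>0 && tiff_ifd[i].bps < 33` mixes styles on one line; `tiff_ifd[i].bps > 0 && tiff_ifd[i].bps < 33 &&` matches the rest of the condition. The enclosing for-loop body and function continue outside the hunk.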