diff -u vlc-0.8.6-svn20061012.debian/debian/changelog vlc-0.8.6-svn20061012.debian/debian/changelog
--- vlc-0.8.6-svn20061012.debian/debian/changelog
+++ vlc-0.8.6-svn20061012.debian/debian/changelog
@@ -1,3 +1,18 @@
+vlc (0.8.6-svn20061012.debian-1ubuntu1.3) edgy-security; urgency=low
+
+  * SECURITY UPDATE: (LP: #207284)
+   + debian/patches/031_CVE-2008-1489.diff
+    - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
+      remote attackers to cause a denial of service (crash) and possibly 
+      execute arbitrary code via a crafted MP4 RDRF box that triggers a 
+      heap-based buffer overflow.
+
+  * References
+   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
+   + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
+
+ -- Emanuele Gentili <emgent@emanuele-gentili.com>  Tue, 01 Apr 2008 03:34:14 +0200
+
 vlc (0.8.6-svn20061012.debian-1ubuntu1.2) edgy-security; urgency=low
 
   * SECURITY UPDATE: 
diff -u vlc-0.8.6-svn20061012.debian/debian/patches/series vlc-0.8.6-svn20061012.debian/debian/patches/series
--- vlc-0.8.6-svn20061012.debian/debian/patches/series
+++ vlc-0.8.6-svn20061012.debian/debian/patches/series
@@ -9,0 +10 @@
+031_CVE-2008-1489.diff
only in patch2:
unchanged:
--- vlc-0.8.6-svn20061012.debian.orig/debian/patches/031_CVE-2008-1489.diff
+++ vlc-0.8.6-svn20061012.debian/debian/patches/031_CVE-2008-1489.diff
@@ -0,0 +1,20 @@
+Index: vlc-0.8.6-svn20061012.debian/modules/demux/mp4/libmp4.c
+===================================================================
+--- vlc-0.8.6-svn20061012.debian.orig/modules/demux/mp4/libmp4.c	2008-04-01 03:32:35.000000000 +0200
++++ vlc-0.8.6-svn20061012.debian/modules/demux/mp4/libmp4.c	2008-04-01 03:33:33.000000000 +0200
+@@ -1961,10 +1961,14 @@
+     MP4_GETVERSIONFLAGS( p_box->data.p_rdrf );
+     MP4_GETFOURCC( p_box->data.p_rdrf->i_ref_type );
+     MP4_GET4BYTES( i_len );
++    i_len++;
++
+     if( i_len > 0 )
+     {
+         uint32_t i;
+-        p_box->data.p_rdrf->psz_ref = malloc( i_len  + 1);
++        p_box->data.p_rdrf->psz_ref = malloc( i_len );
++      i_len--;
++
+         for( i = 0; i < i_len; i++ )
+         {
+             MP4_GET1BYTE( p_box->data.p_rdrf->psz_ref[i] );