diff -u vlc-1.0.6/debian/changelog vlc-1.0.6/debian/changelog
--- vlc-1.0.6/debian/changelog
+++ vlc-1.0.6/debian/changelog
@@ -1,3 +1,13 @@
+vlc (1.0.6-1ubuntu1.2) lucid-security; urgency=low
+
+  * SECURITY UPDATE: Insufficient input validation in VLC TagLib plugin
+    (LP: #616510).
+    - debian/patches/CVE-2010-2937.patch: fix NULL deferences after dynamic
+      cast, thanks to Lukáš Lalinský
+    - CVE-2010-2937
+
+ -- Benjamin Drung <bdrung@ubuntu.com>  Tue, 17 Aug 2010 17:14:14 +0200
+
 vlc (1.0.6-1ubuntu1.1) lucid-proposed; urgency=low
 
   * debian/vlc{,-nox}.install:
diff -u vlc-1.0.6/debian/patches/series vlc-1.0.6/debian/patches/series
--- vlc-1.0.6/debian/patches/series
+++ vlc-1.0.6/debian/patches/series
@@ -17,0 +18 @@
+CVE-2010-2937.patch
only in patch2:
unchanged:
--- vlc-1.0.6.orig/debian/patches/CVE-2010-2937.patch
+++ vlc-1.0.6/debian/patches/CVE-2010-2937.patch
@@ -0,0 +1,43 @@
+From: Lukáš Lalinský <lalinsky@gmail.com>
+Date: Wed, 11 Aug 2010 19:02:30 +0000 (+0300)
+Subject: taglib: fix NULL deferences after dynamic cast
+X-Git-Url: http://git.videolan.org/?p=vlc%2Fvlc-1.0.git;a=commitdiff_plain;h=22a22e356c9d93993086810b2e25b59b55925b3a
+
+taglib: fix NULL deferences after dynamic cast
+
+Reported-by: FortiGuard Lab
+Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
+(cherry picked from commit 0a3d05b4058fe683e2ef49da8ece9214ade01870)
+---
+
+diff --git a/modules/meta_engine/taglib.cpp b/modules/meta_engine/taglib.cpp
+index 43ac697..9faf922 100644
+--- a/modules/meta_engine/taglib.cpp
++++ b/modules/meta_engine/taglib.cpp
+@@ -120,6 +120,8 @@ static void ReadMetaFromId3v2( ID3v2::Tag* tag, demux_t* p_demux, demux_meta_t*
+     {
+         ID3v2::UniqueFileIdentifierFrame* p_ufid =
+                 dynamic_cast<ID3v2::UniqueFileIdentifierFrame*>(*iter);
++        if( !p_ufid )
++            continue;
+         const char *owner = p_ufid->owner().toCString();
+         if (!strcmp( owner, "http://musicbrainz.org" ))
+         {
+@@ -140,6 +142,8 @@ static void ReadMetaFromId3v2( ID3v2::Tag* tag, demux_t* p_demux, demux_meta_t*
+     {
+         ID3v2::UserTextIdentificationFrame* p_txxx =
+                 dynamic_cast<ID3v2::UserTextIdentificationFrame*>(*iter);
++        if( !p_txxx )
++            continue;
+         vlc_meta_AddExtra( p_meta, p_txxx->description().toCString( true ),
+                            p_txxx->fieldList().toString().toCString( true ) );
+     }
+@@ -196,6 +200,8 @@ static void ReadMetaFromId3v2( ID3v2::Tag* tag, demux_t* p_demux, demux_meta_t*
+     {
+         ID3v2::AttachedPictureFrame* p_apic =
+             dynamic_cast<ID3v2::AttachedPictureFrame*>(*iter);
++        if( !p_apic )
++            continue;
+         input_attachment_t *p_attachment;
+ 
+         const char *psz_mime;