diff -Nru vlc-1.1.4/debian/changelog vlc-1.1.4/debian/changelog
--- vlc-1.1.4/debian/changelog	2011-04-14 05:23:55.000000000 +0200
+++ vlc-1.1.4/debian/changelog	2011-06-11 21:19:31.000000000 +0200
@@ -1,3 +1,13 @@
+vlc (1.1.4-1ubuntu1.6) maverick-security; urgency=low
+
+  * SECURITY UPDATE: Integer overflow in XSPF playlist parser (LP: #795410)
+    - debian/patches/fix-xspf-integer-overflow.patch: Fix realloc() integer
+      overflow, thanks to Rémi Denis-Courmont
+    - CVE-2011-2194
+    - VideoLAN-SA-1104
+
+ -- Benjamin Drung <bdrung@ubuntu.com>  Sat, 11 Jun 2011 21:17:55 +0200
+
 vlc (1.1.4-1ubuntu1.5) maverick-security; urgency=low
 
   * SECURITY UPDATE: arbitrary code execution via crafted width
diff -Nru vlc-1.1.4/debian/patches/fix-xspf-integer-overflow.patch vlc-1.1.4/debian/patches/fix-xspf-integer-overflow.patch
--- vlc-1.1.4/debian/patches/fix-xspf-integer-overflow.patch	1970-01-01 01:00:00.000000000 +0100
+++ vlc-1.1.4/debian/patches/fix-xspf-integer-overflow.patch	2011-06-11 21:16:36.000000000 +0200
@@ -0,0 +1,16 @@
+From: Rémi Denis-Courmont <remi@remlab.net>
+Subject: XSPF: fix realloc() integer overflow
+Origin: upstream, http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=74d34b63fdda947c4e92f19e43cac0c51aabc4d7
+
+--- a/modules/demux/playlist/xspf.c
++++ b/modules/demux/playlist/xspf.c
+@@ -504,7 +504,8 @@
+                     }
+                     free( psz_uri );
+ 
+-                    if( p_sys->i_track_id < 0 )
++                    if( p_sys->i_track_id < 0
++                     || p_sys->i_track_id >= (SIZE_MAX / sizeof(p_new_input)) )
+                     {
+                         input_item_node_AppendNode( p_input_node, p_new_node );
+                         vlc_gc_decref( p_new_input );
diff -Nru vlc-1.1.4/debian/patches/series vlc-1.1.4/debian/patches/series
--- vlc-1.1.4/debian/patches/series	2011-04-14 05:20:35.000000000 +0200
+++ vlc-1.1.4/debian/patches/series	2011-06-11 21:17:15.000000000 +0200
@@ -7,3 +7,4 @@
 mkv-input-validation.diff
 CVE-2010-327x.patch
 CVE-2011-1684.patch
+fix-xspf-integer-overflow.patch