diff --git a/debian/changelog b/debian/changelog
index a05ad6f..1e28775 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+wesnoth-1.10 (1:1.10.7-1ubuntu0.14.04.1) trusty-security; urgency=low
+
+ * SECURITY UPDATE: Pull af61f9fd from upstream to fix "Private file
+ disclosure through get_wml_location()" (CVE-2015-0844)
+
+ -- Rhonda D'Vine Fri, 17 Apr 2015 23:57:16 +0200
+
 wesnoth-1.10 (1:1.10.7-1) unstable; urgency=low
 
 * New upstream stable release.
diff --git a/debian/control b/debian/control
index d60ef6f..c087f39 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 7), libsdl-image1.2-dev, libfreetype6-dev, libboost-program-options-dev, libpango1.0-dev, cmake (>= 2.6)
 Standards-Version: 3.9.4
-Uploaders: Gerfried Fuchs ,
+Uploaders: Rhonda D'Vine ,
 Vincent Cheng
 Homepage: http://wesnoth.org/
 Vcs-Git: git://anonscm.debian.org/pkg-games/wesnoth.git
diff --git a/debian/control.in b/debian/control.in
index 19aff1b..645856b 100644
--- a/debian/control.in
+++ b/debian/control.in
@@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 7), libsdl-image1.2-dev, libfreetype6-dev, libboost-program-options-dev, libpango1.0-dev, cmake (>= 2.6)
 Standards-Version: 3.9.4
-Uploaders: Gerfried Fuchs ,
+Uploaders: Rhonda D'Vine ,
 Vincent Cheng
 Homepage: http://wesnoth.org/
 Vcs-Git: git://anonscm.debian.org/pkg-games/wesnoth.git
diff --git a/debian/patches/af61f9fdd15cd439da9e2fe5fa39d174c923eaae.patch b/debian/patches/af61f9fdd15cd439da9e2fe5fa39d174c923eaae.patch
new file mode 100644
index 0000000..5c2d675
--- /dev/null
+++ b/debian/patches/af61f9fdd15cd439da9e2fe5fa39d174c923eaae.patch
@@ -0,0 +1,53 @@
+From af61f9fdd15cd439da9e2fe5fa39d174c923eaae Mon Sep 17 00:00:00 2001
+From: "Ignacio R. Morelle"
+Date: Fri, 16 May 2014 01:45:18 -0400
+Subject: [PATCH] fs: Use game data path to resolve ./ in the absence of a
+ current_dir
+
+Fixes a file content disclosure bug (#22042) affecting functionality
+relying on the get_wml_location() function and not passing a non-empty
+value for the current_dir parameter.
+
+See for details.
+
+This is a candidate for the 1.10 and 1.12 branches.
+
+(Backported from master, commit 314425ab0e57b32909d324f7d4bf213d62cbd3b5.)
+---
+ changelog | 1 +
+ src/filesystem.cpp | 14 ++++++++++++--
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+--- a/src/filesystem.cpp
++++ b/src/filesystem.cpp
+@@ -1170,8 +1170,18 @@ std::string get_wml_location(const std::
+ else if (filename.size() >= 2 && filename[0] == '.' && filename[1] == '/')
+ {
+ // If the filename begins with a "./", look in the same directory
+- // as the file currrently being preprocessed.
+- result = current_dir + filename.substr(2);
++ // as the file currently being preprocessed.
++
++ if (!current_dir.empty())
++ {
++ result = current_dir;
++ }
++ else
++ {
++ result = game_config::path;
++ }
++
++ result += filename.substr(2);
+ }
+ else if (!game_config::path.empty())
+ result = game_config::path + "/data/" + filename;
+--- a/changelog
++++ b/changelog
+@@ -208,6 +208,7 @@ Version 1.10.2:
+ * Made the Wolf raise its head if and only if it is submerged
+ * Fixed bug #19505: broken stone bridge transitions
+ * Backported: The Pandora scaling speedup patches
++ * Fix bug #22042: filesystem content disclosure issue affecting Lua APIs
+
+ Version 1.10.1:
+ * Add-ons server:
diff --git a/debian/patches/series b/debian/patches/series
index 57b6465..9b0fc18 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 02wesnoth-nolog-desktop-file
 03wesnothd-name
+af61f9fdd15cd439da9e2fe5fa39d174c923eaae.patch
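Review bot: In the embedded src/filesystem.cpp hunk, the new `else` branch of the `./` case assigns `result = game_config::path;` without checking that it is non-empty, although the very next branch guards the same variable with `!game_config::path.empty()`. If both current_dir and game_config::path are empty, `result` is again just `filename.substr(2)`, a path relative to the process working directory, which is the case this security fix is meant to close. I would pick the base first and append only when one exists, so the lookup fails closed: `const std::string& base = current_dir.empty() ? game_config::path : current_dir;` followed by `if (!base.empty()) result = base + filename.substr(2);`. The fallback also concatenates without a separator, unlike `game_config::path + "/data/" + filename` just below, so unless game_config::path is guaranteed to end in a slash (not visible here) the resolved path lands next to the game data directory rather than inside it. The body of get_wml_location() starts and ends outside this hunk, so any earlier rejection of `..` components and the final existence check cannot be confirmed from these lines.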