diff -u wesnoth-1.1+reverted+to+1.0.2/debian/changelog wesnoth-1.1+reverted+to+1.0.2/debian/changelog
--- wesnoth-1.1+reverted+to+1.0.2/debian/changelog
+++ wesnoth-1.1+reverted+to+1.0.2/debian/changelog
@@ -1,3 +1,16 @@
+wesnoth (1.1+reverted+to+1.0.2-0ubuntu1.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: Fix insecure truncate of a multibyte chat message that
+ can lead to invalid utf-8 and throw an uncaught exception. Both wesnoth
+ client and server are affected.
+ * debian/patches/CVE-2007-3917: added, taken from Debian.
+ * debian/rules: include simple-patchsys rule.
+ * debian/control: update Maintainer field as per spec.
+ * References: CVE-2007-3917.
+ LP: #158414.
+
+ -- Emilio Pozuelo Monfort Mon, 29 Oct 2007 20:05:53 +0100
+
 wesnoth (1.1+reverted+to+1.0.2-0ubuntu1) dapper; urgency=low
 * Revert to 1.0.2 to use stable upstream releases instead of development
diff -u wesnoth-1.1+reverted+to+1.0.2/debian/rules wesnoth-1.1+reverted+to+1.0.2/debian/rules
--- wesnoth-1.1+reverted+to+1.0.2/debian/rules
+++ wesnoth-1.1+reverted+to+1.0.2/debian/rules
@@ -2,6 +2,7 @@
 include /usr/share/cdbs/1/rules/debhelper.mk
 include /usr/share/cdbs/1/class/autotools.mk
+include /usr/share/cdbs/1/rules/simple-patchsys.mk
 DEB_CONFIGURE_EXTRA_FLAGS := --bindir=/usr/games --with-localedir=/usr/share/locale --with-fifodir=/var/run/wesnothd --with-datadir-name=wesnoth --datadir=/usr/share/games --enable-editor --enable-server
 DEB_INSTALL_CHANGELOGS_ALL := changelog
diff -u wesnoth-1.1+reverted+to+1.0.2/debian/control wesnoth-1.1+reverted+to+1.0.2/debian/control
--- wesnoth-1.1+reverted+to+1.0.2/debian/control
+++ wesnoth-1.1+reverted+to+1.0.2/debian/control
@@ -1,7 +1,8 @@
 Source: wesnoth
 Section: games
 Priority: optional
-Maintainer: Isaac Clerencia
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Isaac Clerencia
 Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.2.21), libsdl-image1.2-dev, libfreetype6-dev, libsdl-mixer1.2-dev, libsdl-net1.2-dev
 Standards-Version: 3.6.2
 Uploaders: Cyril Bouthors
only in patch2:
unchanged:
--- wesnoth-1.1+reverted+to+1.0.2.orig/debian/patches/CVE-2007-3917.patch
+++ wesnoth-1.1+reverted+to+1.0.2/debian/patches/CVE-2007-3917.patch
@@ -0,0 +1,59 @@
+diff -Nur wesnoth-1.2/src/display.cpp wesnoth-1.2.new/src/display.cpp
+--- wesnoth-1.2/src/display.cpp 2006-11-05 18:20:46.000000000 +0100
++++ wesnoth-1.2.new/src/display.cpp 2007-10-03 12:28:11.000000000 +0200
+@@ -2180,7 +2180,15 @@
+ msg = message;
+ action = false;
+ }
+- msg = font::word_wrap_text(msg,font::SIZE_SMALL,mapx()*3/4);
++
++ try {
++ // We've had a joker who send an invalid utf-8 message to crash clients
++ // so now catch the exception and ignore the message.
++ msg = font::word_wrap_text(msg,font::SIZE_SMALL,mapx()*3/4);
++ } catch (utils::invalid_utf8_exception&) {
++ LOG_STREAM(err, engine) << "Invalid utf-8 found, chat message is ignored.\n";
++ return;
++ }
+
+ int ypos = chat_message_x;
+ for(std::vector::const_iterator m = chat_messages_.begin(); m != chat_messages_.end(); ++m) {
+diff -Nur wesnoth-1.2/src/map_label.cpp wesnoth-1.2.new/src/map_label.cpp
+--- wesnoth-1.2/src/map_label.cpp 2006-09-09 14:10:31.000000000 +0200
++++ wesnoth-1.2.new/src/map_label.cpp 2007-10-03 12:28:11.000000000 +0200
+@@ -88,10 +88,14 @@
+
+ void map_labels::set_label(const gamemap::location& loc, const std::string& str, const SDL_Color colour)
+ {
+- std::string text = str;
+- if(text.size() > max_label_size) {
+- text.resize(max_label_size);
++ // The actual data is wide_strings so test in wide_string mode
++ // also cutting a wide_string at an arbritary place gives odd
++ // problems.
++ wide_string tmp = utils::string_to_wstring(str);
++ if(tmp.size() > max_label_size) {
++ tmp.resize(max_label_size);
+ }
++ std::string text = utils::wstring_to_string(tmp);
+
+ const label_map::iterator current_label = labels_.find(loc);
+ if(current_label != labels_.end()) {
+diff -Nur wesnoth-1.2/src/server/server.cpp wesnoth-1.2.new/src/server/server.cpp
+--- wesnoth-1.2/src/server/server.cpp 2006-10-26 17:07:17.000000000 +0200
++++ wesnoth-1.2.new/src/server/server.cpp 2007-10-03 12:38:39.000000000 +0200
+@@ -76,9 +76,11 @@
+ void truncate_message(t_string& str)
+ {
+ const size_t max_message_length = 240;
+- std::string newstr = str.str();
+- newstr.resize(minimum(str.size(),max_message_length));
+- str = newstr;
++ // The string send can contain utf-8 so truncate as wide_string otherwise
++ // an corrupted utf-8 string can be returned.
++ wide_string newstr = utils::string_to_wstring(str.str());
++ newstr.resize(minimum(newstr.size(),max_message_length));
++ str = utils::wstring_to_string(newstr);
+ }
+
+ }
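Review bot: In the server.cpp hunk `max_message_length` (240) now caps characters rather than bytes, because `resize` is applied to the `wide_string` and the result is re-encoded, so a truncated message can be several times 240 bytes long; `max_label_size` in map_label.cpp changes meaning the same way. I would record that on the constant, e.g. `// limit is in characters; the UTF-8 encoding can be longer in bytes`, and recheck anything downstream that relied on the old byte bound. Only the display.cpp hunk catches `utils::invalid_utf8_exception`; whether `utils::string_to_wstring` can throw on input that is already malformed is not visible here, so it should be confirmed that `truncate_message` and `set_label` cannot let it escape. The display.cpp function and `set_label` both extend beyond their hunks.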