diff -u wzdftpd-0.6.1/debian/changelog wzdftpd-0.6.1/debian/changelog
--- wzdftpd-0.6.1/debian/changelog
+++ wzdftpd-0.6.1/debian/changelog
@@ -1,3 +1,22 @@
+wzdftpd (0.6.1-1ubuntu1.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: Off-by-one error in the do_login_loop function in i
+ libwzd-core/wzd_login.c in wzdftpd 0.8.2 and earlier allows remote attackers
+ to cause a denial of service (daemon crash) via a long USER command
+ that triggers a stack-based buffer overflow. NOTE: some of these details are
+ obtained from third party information. (CVE-2007-5300)
+ * SECURITY UPDATE: Unspecified vulnerability in the chtbl_lookup function in hash.c for
+ WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via
+ a crafted FTP command, probably due to a NULL pointer dereference. (CVE-2007-0428)
+ * libwzd-core/wzd_ClientThread.c: Applied fix to fix this issue, inspired by Nico Golde
+ * libwzd-base/hash.c: Applied fix to fix this issue (checked key variable, backported from 0.8.2 version)
+ * References:
+ CVE-2007-5300
+ CVE-2007-0428
+ http://security-tracker.debian.net/tracker/source-package/wzdftpd
+
+ -- Stephan Hermann Fri, 12 Oct 2007 22:20:59 +0200
+
 wzdftpd (0.6.1-1ubuntu1) dapper; urgency=low
 * Fix up versioned deps for itself.
only in patch2:
unchanged:
--- wzdftpd-0.6.1.orig/libwzd-core/wzd_ClientThread.c
+++ wzdftpd-0.6.1/libwzd-core/wzd_ClientThread.c
@@ -3470,7 +3470,7 @@
 }
 /* this replace the memset (bzero ?) some lines before */
- buffer[ret] = '\0';
+ buffer[ret-1] = '\0';
 if (buffer[0]=='\0') continue;
@@ -3575,7 +3575,7 @@
 }
 /* this replace the memset (bzero ?) some lines before */
- buffer[ret] = '\0';
+ buffer[ret-1] = '\0';
 if (buffer[0]=='\0') continue;
@@ -3993,7 +3993,7 @@
 }
 /* this replace the memset (bzero ?) some lines before */
- buffer[ret] = '\0';
+ buffer[ret-1] = '\0';
 if (buffer[0]=='\0') continue;
only in patch2:
unchanged:
--- wzdftpd-0.6.1.orig/libwzd-base/hash.c
+++ wzdftpd-0.6.1/libwzd-base/hash.c
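Review bot: In the wzd_ClientThread.c hunk at 3470, `buffer[ret-1] = '\0';` overwrites the last byte received instead of terminating after it, and it writes to `buffer[-1]` if `ret` can be 0 at this point. The check that closes with `}` just above is outside the hunk, so whether `ret < 1` is already rejected cannot be confirmed from here. If the overflow comes from the receive call being allowed to fill the whole array, the fix that keeps the data intact is to cap the read length at one less than the buffer size and leave `buffer[ret] = '\0';` as it was. If the `ret-1` form stays, it needs an explicit guard for `ret < 1` and a comment stating that the final byte is assumed to be the line terminator, since a command split across two reads would lose a data byte. The same line is changed in the hunks at 3575 and 3993, and all three enclosing loops start and end outside their hunks.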
@@ -171,6 +171,8 @@
 CHTBL_Elmnt *entry;
 unsigned int index;
+ if (key == NULL) return -1;
+
 index = htab->h(key) % htab->containers;
 for (element=list_head(&htab->table[index]); element != NULL; element = list_next(element))
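Review bot: The added `if (key == NULL) return -1;` guards only `key`, while the very next line also dereferences `htab` and computes `% htab->containers` unchecked, so a NULL table or a zero container count would still fault here. Whether callers can produce either is not visible in the hunk; if they can, the guard could read `if (htab == NULL || key == NULL || htab->containers == 0) return -1;`. The function's signature and return statements are outside the hunk, so it should be confirmed that -1 is the value callers already treat as "not found". A short comment such as `/* key can be NULL for a crafted FTP command (CVE-2007-0428); do not hash it */` would record why the check exists. Any other function in hash.c that hashes `key` the same way would need the same guard, which this hunk does not show.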