diff -u yarssr-0.2.2/debian/changelog yarssr-0.2.2/debian/changelog
--- yarssr-0.2.2/debian/changelog
+++ yarssr-0.2.2/debian/changelog
@@ -1,3 +1,12 @@
+yarssr (0.2.2-1ubuntu0.6.10) edgy-security; urgency=low
+
+ * SECURITY UPDATE: code execution through malicious URLs (LP: #162351)
+ * Add debian/patches/code-injection-fix.dpatch: Thanks to Debian.
+ * References
+ CVE-2007-5837
+
+ -- William Grant Tue, 13 Nov 2007 18:38:33 +1100
+
 yarssr (0.2.2-1) unstable; urgency=low
 * New upstream release
diff -u yarssr-0.2.2/debian/control yarssr-0.2.2/debian/control
--- yarssr-0.2.2/debian/control
+++ yarssr-0.2.2/debian/control
@@ -1,7 +1,8 @@
 Source: yarssr
 Section: net
 Priority: optional
-Maintainer: Joachim Breitner
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Joachim Breitner
 Build-Depends-Indep: debhelper (>= 4.0.0), dpatch
 Standards-Version: 3.6.1
diff -u yarssr-0.2.2/debian/patches/00list yarssr-0.2.2/debian/patches/00list
--- yarssr-0.2.2/debian/patches/00list
+++ yarssr-0.2.2/debian/patches/00list
@@ -6,0 +7 @@
+code-injection-fix
only in patch2:
unchanged:
--- yarssr-0.2.2.orig/debian/patches/code-injection-fix.dpatch
+++ yarssr-0.2.2/debian/patches/code-injection-fix.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## code-injection-fix.dpatch by Joachim Breitner
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad yarssr-0.2.2~/lib/Yarssr/GUI.pm yarssr-0.2.2/lib/Yarssr/GUI.pm
+--- yarssr-0.2.2~/lib/Yarssr/GUI.pm 2007-10-31 12:40:08.000000000 +0100
++++ yarssr-0.2.2/lib/Yarssr/GUI.pm 2007-10-31 12:42:17.958217449 +0100
+@@ -164,7 +164,7 @@
+ else {
+ my $b = Yarssr::Config->get_browser;
+ $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/;
+- exec($b) or warn "unable to launch browser\n";
++ exec(split(' ',$b)) or warn "unable to launch browser\n";
+ exit;
+ }
+ }
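Review bot: The new `exec(split(' ',$b))` in lib/Yarssr/GUI.pm still splits the command after the URL has been interpolated into `$b`, so a feed-supplied URL containing whitespace becomes several argv entries that the browser may read as extra options. The literal double quotes added by `s/\%s/"$url"/` are also passed to the browser as part of the argument now, because no shell strips them. When the split yields a single element (for example with an empty browser setting), Perl's one-argument `exec` can still hand the string to the shell. Splitting the configured browser command first and substituting the URL into one element afterwards keeps the URL a single argument, and the `exec { $cmd[0] } @cmd` form never falls back to the shell; checking that the URL starts with an expected scheme before launch would be a useful extra guard. The enclosing sub begins and ends outside the hunk, so any earlier validation of `$url` is not visible here.

```perl
# … unchanged: else { branch opening …
my @cmd = split ' ', Yarssr::Config->get_browser;
my $substituted = 0;
for my $arg (@cmd) {
    # the URL replaces %s inside one argv element and is never re-split
    $substituted = 1 if $arg =~ s/\%s/$url/;
}
push @cmd, $url unless $substituted;
# block form of exec never falls back to the shell, even for one element
exec { $cmd[0] } @cmd or warn "unable to launch browser\n";
# … unchanged: exit; and the closing braces …
```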