diff -Nru znc-0.078/debian/changelog znc-0.078/debian/changelog
--- znc-0.078/debian/changelog 2009-12-19 14:59:12.000000000 +0000
+++ znc-0.078/debian/changelog 2012-12-18 06:46:03.000000000 +0000
@@ -1,3 +1,25 @@
+znc (0.078-1ubuntu0.1) lucid-security; urgency=low
+
+ * SECURITY UPDATE: denial of service caused by NULL pointer dereference
+ (LP: #1090195)
+ - debian/patches/cve-2010-2448.patch: modify znc.cpp to prevent NULL
+ pointer dereference. Based on upstream patch.
+ - CVE-2010-2448
+ - CVE-2010-2488
+ * SECURITY UPDATE: denial of service caused by PING command without
+ arguments (LP: #1090195)
+ - debian/patches/cve-2010-2812.patch: modify Client.cpp to correctly
+ handle PING commands that have no arguments. Based on upstream patch.
+ - CVE-2010-2812
+ * SECURITY UPDATE: denial of service via unknown vectors related to
+ "unsafe substr() calls" (LP: #1090195)
+ - debian/patches/cve-2010-2934.patch: modify IRCSock.cpp,
+ modules/adminlog.cpp, modules/away.cpp, and modules/email.cpp to
+ remove unsafe substr() calls. Based on upstream patch.
+ - CVE-2010-2934
+
+ -- Thomas Ward Tue, 18 Dec 2012 06:29:44 +0000
+
 znc (0.078-1) unstable; urgency=low
 
 * New upstream release.
diff -Nru znc-0.078/debian/control znc-0.078/debian/control
--- znc-0.078/debian/control 2009-12-19 14:59:12.000000000 +0000
+++ znc-0.078/debian/control 2012-12-17 01:28:27.000000000 +0000
@@ -3,7 +3,8 @@
 Priority: optional
 Build-Depends: debhelper (>= 5), libssl-dev, libperl-dev, libc-ares-dev, pkg-config, tcl8.5-dev, libsasl2-dev
-Maintainer: Patrick Matthäi
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Patrick Matthäi
 Standards-Version: 3.8.3
 Homepage: http://znc.sourceforge.net/
diff -Nru znc-0.078/debian/patches/cve-2010-2448.patch znc-0.078/debian/patches/cve-2010-2448.patch
--- znc-0.078/debian/patches/cve-2010-2448.patch 1970-01-01 01:00:00.000000000 +0100
+++ znc-0.078/debian/patches/cve-2010-2448.patch 2012-12-17 18:01:48.000000000 +0000
@@ -0,0 +1,37 @@
+Description: Fixes CVE-2010-2448 and CVE-2010-2488, which address a denial of service vulnerability caused by a NULL pointer dereference. Backported from upstream patches.
+Origin: upstream, http://znc.svn.sourceforge.net/viewvc/znc/trunk/znc.cpp?r1=2025&r2=2026&pathrev=2026
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1090195
+
+Index: znc-0.078/znc.cpp
+===================================================================
+--- znc-0.078.orig/znc.cpp 2009-11-29 15:17:39.000000000 +0000
++++ znc-0.078/znc.cpp 2012-12-17 00:39:18.071505141 +0000
+@@ -1765,18 +1765,18 @@
+ }
+ 
+ for (CSockManager::const_iterator it = m_Manager.begin(); it != m_Manager.end(); it++) {
++ CUser *pUser = NULL;
+ if ((*it)->GetSockName().Left(5) == "IRC::") {
+- CIRCSock *p = (CIRCSock *) *it;
+- ret[p->GetUser()->GetUserName()].first += p->GetBytesRead();
+- ret[p->GetUser()->GetUserName()].second += p->GetBytesWritten();
+- uiUsers_in += p->GetBytesRead();
+- uiUsers_out += p->GetBytesWritten();
++ pUser = ((CIRCSock *) *it)->GetUser();
+ } else if ((*it)->GetSockName().Left(5) == "USR::") {
+- CClient *p = (CClient *) *it;
+- ret[p->GetUser()->GetUserName()].first += p->GetBytesRead();
+- ret[p->GetUser()->GetUserName()].second += p->GetBytesWritten();
+- uiUsers_in += p->GetBytesRead();
+- uiUsers_out += p->GetBytesWritten();
++ pUser = ((CClient*) *it)->GetUser();
++ }
++
++ if (pUser) {
++ ret[pUser->GetUserName()].first += (*it)->GetBytesRead();
++ ret[pUser->GetUserName()].second += (*it)->GetBytesWritten();
++ uiUsers_in += (*it)->GetBytesRead();
++ uiUsers_out += (*it)->GetBytesWritten();
+ } else {
+ uiZNC_in += (*it)->GetBytesRead();
+ uiZNC_out += (*it)->GetBytesWritten();
diff -Nru znc-0.078/debian/patches/cve-2010-2812.patch znc-0.078/debian/patches/cve-2010-2812.patch
--- znc-0.078/debian/patches/cve-2010-2812.patch 1970-01-01 01:00:00.000000000 +0100
+++ znc-0.078/debian/patches/cve-2010-2812.patch 2012-12-17 18:02:06.000000000 +0000
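Review bot: The new `else` branch now also receives `IRC::`/`USR::` sockets whose `GetUser()` returned NULL, so their bytes go into `uiZNC_in`/`uiZNC_out` instead of being dereferenced through a null user; that fallback is the substance of the fix and is not obvious from the control flow, so a comment before `if (pUser) {` such as `// A socket with no owning user (NULL) is counted as ZNC traffic rather than dereferenced.` would record it. The C-style casts `(CIRCSock *) *it` and `(CClient*) *it` are carried over from the original; `static_cast` would make the downcasts greppable, though keeping a backport textually close to upstream is a defensible choice. The enclosing function starts and ends outside the nested hunk, so whether `ret`, `uiUsers_in` and the other accumulators are initialized is not visible here.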
@@ -0,0 +1,20 @@
+Description: Fixes CVE-2010-2812, which is related to a denial of service vulnerability within PINGs. Backported from upstream patches.
+Origin: upstream, http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1090195
+
+Index: znc-0.078/Client.cpp
+===================================================================
+--- znc-0.078.orig/Client.cpp 2009-11-28 18:53:20.000000000 +0000
++++ znc-0.078/Client.cpp 2012-12-17 00:46:38.467505606 +0000
+@@ -193,7 +193,10 @@
+ // won't answer the ping (=no server connected) -> PONG back.
+ // else: It's the server's job to send a PONG.
+ if (sTarget.Equals("irc.znc.in") || !m_pIRCSock) {
+- PutClient("PONG " + sLine.substr(5));
++ if (sLine.length() >= 5)
++ PutClient("PONG " + sLine.substr(5));
++ else
++ PutClient("PONG");
+ return;
+ }
+ } else if (sCommand.Equals("PONG")) {
diff -Nru znc-0.078/debian/patches/cve-2010-2934.patch znc-0.078/debian/patches/cve-2010-2934.patch
--- znc-0.078/debian/patches/cve-2010-2934.patch 1970-01-01 01:00:00.000000000 +0100
+++ znc-0.078/debian/patches/cve-2010-2934.patch 2012-12-18 06:29:31.000000000 +0000
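Review bot: The guard `if (sLine.length() >= 5)` encodes the length of the literal `"PING "` as a bare number, and nothing in the hunk ties the two together; `std::string::substr(pos)` throws `std::out_of_range` once `pos` exceeds the size, which is exactly what a bare `PING` line (four characters) triggered before this change. A comment on the guard would keep the constant and the literal from drifting apart: `// sLine is presumably "PING" or "PING <args>"; substr(5) only succeeds once the line is at least 5 chars, a bare "PING" is shorter`. If `CString::Token(1, true)` is available in this version (the 2934 patch in this same upload already relies on `Token(0)`), `PutClient("PONG " + sLine.Token(1, true))` would drop the arithmetic entirely, at the cost of emitting a trailing space for a bare `PING`. The enclosing handler starts and ends outside the nested hunk.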
@@ -0,0 +1,82 @@
+Description: Fixes CVE-2010-2934, which addresses denial of service vulnerabilities caused by "unsafe substr() calls." Backported from upstream patches.
+Origin: upstream, http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1090195
+
+Index: znc-0.078/IRCSock.cpp
+===================================================================
+--- znc-0.078.orig/IRCSock.cpp 2009-11-24 13:06:25.000000000 +0000
++++ znc-0.078/IRCSock.cpp 2012-12-17 00:48:45.411504912 +0000
+@@ -86,7 +86,7 @@
+ return;
+ } else if (sLine.Equals("ERROR ", false, 6)) {
+ //ERROR :Closing Link: nick[24.24.24.24] (Excess Flood)
+- CString sError(sLine.substr(7));
++ CString sError(sLine.substr(6));
+ 
+ if (sError.Left(1) == ":") {
+ sError.LeftChomp();
+Index: znc-0.078/modules/adminlog.cpp
+===================================================================
+--- znc-0.078.orig/modules/adminlog.cpp 2009-08-10 19:16:03.000000000 +0100
++++ znc-0.078/modules/adminlog.cpp 2012-12-17 00:49:08.563505261 +0000
+@@ -52,7 +52,7 @@
+ if (sLine.Equals("ERROR ", false, 6)) {
+ //ERROR :Closing Link: nick[24.24.24.24] (Excess Flood)
+ //ERROR :Closing Link: nick[24.24.24.24] Killer (Local kill by Killer (reason))
+- CString sError(sLine.substr(7));
++ CString sError(sLine.substr(6));
+ if (sError.Left(1) == ":")
+ sError.LeftChomp();
+ Log("[" + m_pUser->GetUserName() + "] disconnected from IRC: " +
+Index: znc-0.078/modules/away.cpp
+===================================================================
+--- znc-0.078.orig/modules/away.cpp 2009-12-02 18:16:19.000000000 +0000
++++ znc-0.078/modules/away.cpp 2012-12-17 00:50:00.871505337 +0000
+@@ -390,7 +390,7 @@
+ CBlowfish c(m_sPassword, BF_DECRYPT);
+ sBuffer = c.Crypt(sFile);
+ 
+- if (sBuffer.substr(0, strlen(CRYPT_VERIFICATION_TOKEN)) != CRYPT_VERIFICATION_TOKEN)
++ if (sBuffer.Left(strlen(CRYPT_VERIFICATION_TOKEN)) != CRYPT_VERIFICATION_TOKEN)
+ {
+ // failed to decode :(
+ 
PutModule("Unable to decode Encrypted messages");
+Index: znc-0.078/modules/email.cpp
+===================================================================
+--- znc-0.078.orig/modules/email.cpp 2009-04-05 20:09:03.000000000 +0100
++++ znc-0.078/modules/email.cpp 2012-12-17 00:51:55.463505251 +0000
+@@ -154,7 +154,7 @@
+ 
+ virtual void ReadLine(const CS_STRING & sLine)
+ {
+- if (sLine.substr(0, 5) == "From ")
++ if (sLine.Left(5) == "From ")
+ {
+ if (!m_sMailBuffer.empty())
+ {
+@@ -168,7 +168,7 @@
+ void ProcessMail()
+ {
+ EmailST tmp;
+- tmp.sUidl = (char *)CMD5(m_sMailBuffer.substr(0, 255));
++ tmp.sUidl = (char *)CMD5(m_sMailBuffer.Left(255));
+ VCString vsLines;
+ VCString::iterator it;
+ 
+@@ -200,15 +200,7 @@
+ 
+ void CEmail::OnModCommand(const CString& sCommand)
+ {
+- CString::size_type iPos = sCommand.find(" ");
+- CString sCom, sArgs;
+- if (iPos == CString::npos)
+- sCom = sCommand;
+- else
+- {
+- sCom = sCommand.substr(0, iPos);
+- sArgs = sCommand.substr(iPos + 1, CString::npos);
+- }
++ CString sCom = sCommand.Token(0);
+ 
+ if (sCom == "timers")
+ {
diff -Nru znc-0.078/debian/patches/series znc-0.078/debian/patches/series
--- znc-0.078/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ znc-0.078/debian/patches/series 2012-12-17 00:47:03.000000000 +0000
@@ -0,0 +1,3 @@
+cve-2010-2448.patch
+cve-2010-2812.patch
+cve-2010-2934.patch
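Review bot: In the IRCSock.cpp hunk of cve-2010-2934.patch, `substr(6)` is in range only because the preceding `sLine.Equals("ERROR ", false, 6)` has already established that the line is at least six characters long (`pos == size()` is permitted, `pos > size()` throws `std::out_of_range`), and the `Left(1) == ":"` check below then strips the colon that `substr(7)` used to skip; the dependency between the prefix check, the offset and the chomp is invisible at the changed line, so a comment there, `// Equals() guaranteed >= 6 chars, so substr(6) cannot throw; the leading ':' is chomped below`, would record it, and the identical change in modules/adminlog.cpp deserves the same note. In the final modules/email.cpp hunk the rewritten `OnModCommand` no longer defines `sArgs`; if the remainder of the function (outside the hunk) referenced it the build would fail, so it is presumably unused, but that is worth confirming against the full file. Each enclosing function here starts or ends outside its nested hunk.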