diff -u mon-0.99.2/debian/patches/00list mon-0.99.2/debian/patches/00list
--- mon-0.99.2/debian/patches/00list
+++ mon-0.99.2/debian/patches/00list
@@ -1,3 +1,4 @@
+00_CVE-2008-4477.dpatch
 01_cfbasedir_fix.dpatch
 02_enable_monshow_full_mode.dpatch
 03_remove_revision_control_headers.dpatch
diff -u mon-0.99.2/debian/changelog mon-0.99.2/debian/changelog
--- mon-0.99.2/debian/changelog
+++ mon-0.99.2/debian/changelog
@@ -1,3 +1,13 @@
+mon (0.99.2-11ubuntu1.7.10.1) gutsy-security; urgency=low
+
+  * SECURITY UPDATE: alert.d/test.alert in mon 0.99.2 allows local users to
+    overwrite arbitrary files via a symlink attack on the test.alert.log
+    temporary file.. (LP: #285100)
+    - 00_CVE-2008-4477.dpatch: Dont create file in /tmp 
+    - CVE-2008-4477
+
+ -- Stefan Lesicnik <stefan@lsd.co.za>  Fri, 17 Oct 2008 20:02:54 +0200
+
 mon (0.99.2-11ubuntu1) gutsy; urgency=low
 
   * Merge from Debian unstable. Remaining Ubuntu changes:
only in patch2:
unchanged:
--- mon-0.99.2.orig/debian/patches/00_CVE-2008-4477.dpatch
+++ mon-0.99.2/debian/patches/00_CVE-2008-4477.dpatch
@@ -0,0 +1,16 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_CVE-2008-4477.dpatch by Stefan Lesicnik <stefan@lsd.co.za>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad mon-0.99.2~/alert.d/test.alert mon-0.99.2/alert.d/test.alert
+--- mon-0.99.2~/alert.d/test.alert	2000-08-26 21:22:34.000000000 +0200
++++ mon-0.99.2/alert.d/test.alert	2008-10-17 20:01:34.000000000 +0200
+@@ -1,4 +1,4 @@
+ #!/bin/sh
+ #
+ # $Id: test.alert 1.1 Sat, 26 Aug 2000 15:22:34 -0400 trockij $
+-echo "`date` $*" >> /tmp/test.alert.log
++echo "`date` $*" >> /var/log/mon/test.alert.log