diff -u sabre-0.2.4b/debian/patches/series sabre-0.2.4b/debian/patches/series
--- sabre-0.2.4b/debian/patches/series
+++ sabre-0.2.4b/debian/patches/series
@@ -6,0 +7 @@
+040_CVE-2008-4407.diff
diff -u sabre-0.2.4b/debian/control sabre-0.2.4b/debian/control
--- sabre-0.2.4b/debian/control
+++ sabre-0.2.4b/debian/control
@@ -1,7 +1,8 @@
 Source: sabre
 Section: games
 Priority: optional
-Maintainer: Debian Games Team
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Debian Games Team
 Uploaders: Sam Hocevar (Debian packages)
 Build-Depends: debhelper (>= 4.0), quilt, libncurses-dev, libsdl1.2-dev (>= 1.2.2-3.1), libsvga1-dev [i386]
 Standards-Version: 3.7.2
diff -u sabre-0.2.4b/debian/changelog sabre-0.2.4b/debian/changelog
--- sabre-0.2.4b/debian/changelog
+++ sabre-0.2.4b/debian/changelog
@@ -1,3 +1,17 @@
+sabre (0.2.4b-23ubuntu0.8.04.1) hardy-security; urgency=low
+
+ * SECURITY UPDATE: XRunSabre in sabre (aka xsabre) 0.2.4b relies
+ on the ability to create /tmp/sabre.log, which allows local
+ users to cause a denial of service (application unavailability)
+ by creating a /tmp/sabre.log file that cannot be overwritten.
+ (LP: #283446)
+ - debian/patches/040_CVE-2008-4407.diff: upstream patch to
+ use mktemp to create temporary files.
+ - CVE-2008-4406
+ - CVE-2008-4407
+
+ -- Stefan Lesicnik Fri, 17 Oct 2008 21:49:45 +0200
+
 sabre (0.2.4b-23) unstable; urgency=high
 
 * debian/patches/025_endianness.diff:
only in patch2:
unchanged:
--- sabre-0.2.4b.orig/debian/patches/040_CVE-2008-4407.diff
+++ sabre-0.2.4b/debian/patches/040_CVE-2008-4407.diff
@@ -0,0 +1,50 @@
+Index: sabre-0.2.4b/RunSabre
+===================================================================
+--- sabre-0.2.4b.orig/RunSabre 2008-10-17 21:45:59.000000000 +0200
++++ sabre-0.2.4b/RunSabre 2008-10-17 21:47:06.000000000 +0200
+@@ -26,8 +26,9 @@
+ # 1999 Miscellanous changes by Milan Zamazal
+ banner="$(/usr/games/sabre --print-banner)"
+ DLG=/usr/bin/dialog
+-FOO=${TMPDIR:-/tmp}/sabre.$$
+-LOG=${TMPDIR:-/tmp}/sabre.log
++FOO=$(mktemp -t sabre.XXXXXX) || exit 1
++LOG=$(mktemp -t sabre.XXXXXX) || exit 1
++LOADLOG=$(mktemp -t sabre.XXXXXX) || exit 1
+ MODE="-mode 0"
+ RZ_STEPS=
+ SABRE="-mode $MODE" #default flight parameters
+@@ -474,7 +475,7 @@
+ "svgamode") sabre_vgamodes;;
+ "window") sabre_vgawindow;;
+ "documentation") sabre_documentation;;
+- "quit" | "") rm -f $FOO $FOO1 $LOG loadlog; exit;;
++ "quit" | "") rm -f $FOO $LOG $LOADLOG; exit;;
+ esac
+ done
+ # the end
+Index: sabre-0.2.4b/RunSabreSDL
+===================================================================
+--- sabre-0.2.4b.orig/RunSabreSDL 2008-10-17 21:46:04.000000000 +0200
++++ sabre-0.2.4b/RunSabreSDL 2008-10-17 21:47:42.000000000 +0200
+@@ -26,8 +26,9 @@
+ # 1999, 2002 Miscellanous changes by Milan Zamazal
+ banner="$(/usr/games/sabresdl --print-banner)"
+ DLG=/usr/bin/dialog
+-FOO=${TMPDIR:-/tmp}/sabre.$$
+-LOG=${TMPDIR:-/tmp}/sabre.log
++FOO=$(mktemp -t sabre.XXXXXX) || exit 1
++LOG=$(mktemp -t sabre.XXXXXX) || exit 1
++LOADLOG=$(mktemp -t sabre.XXXXXX) || exit 1
+ MODE="-mode 0"
+ RZ_STEPS=
+ SABRE="-mode $MODE" #default flight parameters
+@@ -472,7 +473,7 @@
+ "controls") sabre_controls;;
+ "window") sabre_vgawindow;;
+ "documentation") sabre_documentation;;
+- "quit" | "") rm -f $FOO $FOO1 $LOG loadlog; exit;;
++ "quit" | "") rm -f $FOO $LOG $LOADLOG; exit;;
+ esac
+ done
+ # the end
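Review bot: The three mktemp files are removed only on the `"quit" | ""` menu branch, so every other way out of the script (an interrupt, a dialog failure, an `exit` elsewhere in the menu loop) now leaves uniquely named files in $TMPDIR that, unlike the old fixed `sabre.log`, are never reused by the next run; adding `trap 'rm -f "$FOO" "$LOG" "$LOADLOG"' EXIT` directly after the three `mktemp` lines in both RunSabre and RunSabreSDL would cover all exit paths and make the `rm -f` in the quit branch redundant. The old cleanup line removed a literal `loadlog` and `$FOO1`, while the new one removes `$LOADLOG` instead, so the code that actually writes `loadlog` (not in this hunk) presumably still has to be switched to `"$LOADLOG"`, and if `$FOO1` is still created somewhere it is no longer cleaned up — both worth confirming against the full scripts. The expansions on the `rm -f` line are unquoted, which breaks if `mktemp -t` honours a TMPDIR containing whitespace, so `rm -f "$FOO" "$LOG" "$LOADLOG"` is the safer form. The `case` statement and the enclosing menu loop begin outside the hunk.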