diff -u libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/00list libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/00list
--- libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/00list
+++ libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/00list
@@ -2,0 +3 @@
+03_cve-2006-5989
diff -u libapache-mod-auth-kerb-4.996-5.0-rc6/debian/changelog libapache-mod-auth-kerb-4.996-5.0-rc6/debian/changelog
--- libapache-mod-auth-kerb-4.996-5.0-rc6/debian/changelog
+++ libapache-mod-auth-kerb-4.996-5.0-rc6/debian/changelog
@@ -1,3 +1,13 @@
+libapache-mod-auth-kerb (4.996-5.0-rc6-3ubuntu0.6.10) edgy-security; urgency=high
+
+ * SECURITY UPDATE: Off-by-one error in the der_get_oid function * debian/patches/03_cve-2006-5989.dpatch: patch extracted from DSA-1247-1 * debian/rules: fix path to the build module for apache 2 (fixes FTBFS) * References:
+ CVE 2006-5989
+
+ -- Michael Bienia Fri, 19 Jan 2007 14:44:15 +0100
+
 libapache-mod-auth-kerb (4.996-5.0-rc6-3) unstable; urgency=low * Fix: GSSAPI fails with "Request is a replay" under krb5 1.4.3.
diff -u libapache-mod-auth-kerb-4.996-5.0-rc6/debian/rules libapache-mod-auth-kerb-4.996-5.0-rc6/debian/rules
--- libapache-mod-auth-kerb-4.996-5.0-rc6/debian/rules
+++ libapache-mod-auth-kerb-4.996-5.0-rc6/debian/rules
@@ -56,8 +56,7 @@
 mkdir -p $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/ \
 $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb \
 $(CURDIR)/debian/libapache2-mod-auth-kerb/etc/apache2/mods-available
- install -s -m 644 $(CURDIR)/src/.libs/mod_auth_kerb.so $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/mod_auth_kerb.so
- install $(CURDIR)/src/.libs/mod_auth_kerb.so $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/mod_auth_kerb.so
+ install -s -m 644 $(CURDIR)/src/mod_auth_kerb.so $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/mod_auth_kerb.so
 install -m644 $(CURDIR)/debian/auth_kerb.load $(CURDIR)/debian/libapache2-mod-auth-kerb/etc/apache2/mods-available
 install -m 644 $(CURDIR)/README \
 $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb/
--- libapache-mod-auth-kerb-4.996-5.0-rc6.orig/debian/patches/03_cve-2006-5989.dpatch
+++ libapache-mod-auth-kerb-4.996-5.0-rc6/debian/patches/03_cve-2006-5989.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 03_cve-2006-5989.dpatch by Michael Bienia
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad libapache-mod-auth-kerb-4.996-5.0-rc6~/spnegokrb5/der_get.c libapache-mod-auth-kerb-4.996-5.0-rc6/spnegokrb5/der_get.c
+--- libapache-mod-auth-kerb-4.996-5.0-rc6~/spnegokrb5/der_get.c 2003-09-05 10:54:08.000000000 +0200
++++ libapache-mod-auth-kerb-4.996-5.0-rc6/spnegokrb5/der_get.c 2007-01-19 14:22:06.000000000 +0100
+@@ -151,7 +151,7 @@
+ if (len < 1)
+ return ASN1_OVERRUN;
+
+- data->components = malloc(len * sizeof(*data->components));
++ data->components = malloc((len + 1) * sizeof(*data->components));
+ if (data->components == NULL && len != 0)
+ return ENOMEM;
+ data->components[0] = (*p) / 40;
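Review bot: The surviving install line keeps `-s`, which strips mod_auth_kerb.so at install time with the default strip and ignores DEB_BUILD_OPTIONS=nostrip; if this rules file already runs dh_strip later (not visible in this hunk) the flag is redundant and the line can become `install -m 644 $(CURDIR)/src/mod_auth_kerb.so $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/mod_auth_kerb.so`. Dropping the second, option-less install is the right call on its own: it would have overwritten the stripped 0644 copy with an unstripped file at install's default 0755 mode. The mode spelling also differs from the next context line (`-m 644` here, `-m644` there); either works, but one form keeps the recipe uniform.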
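Review bot: The NULL check on the line after the enlarged malloc() still reads `if (data->components == NULL && len != 0)`, but the `if (len < 1) return ASN1_OVERRUN;` guard three lines above already excludes len == 0 and the new `(len + 1)` size is never zero, so the `&& len != 0` clause is dead and `if (data->components == NULL) return ENOMEM;` states the intent directly. The dpatch header's `## DP: No description.` leaves the patch undocumented; a one-line `## DP: CVE-2006-5989 (DSA-1247-1): allocate len + 1 OID components in der_get_oid to fix an off-by-one in the component buffer` would tell the next maintainer why the extra element exists. der_get_oid continues outside the quoted hunk, so the store that needed the extra slot is not visible here; within this diff only the changelog entry names the off-by-one.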