diff -u pulseaudio-0.9.5/debian/changelog pulseaudio-0.9.5/debian/changelog
--- pulseaudio-0.9.5/debian/changelog
+++ pulseaudio-0.9.5/debian/changelog
@@ -1,3 +1,14 @@
+pulseaudio (0.9.5-5ubuntu4.2) feisty-security; urgency=low
+
+  * [SECURITY] Apply (new) patch fixing unchecked setuid() return
+    values.  Tweak patch from Red Hat #425481.
+  * References:
+    CVE-2008-0008
+    https://bugzilla.novell.com/show_bug.cgi?id=347822
+    https://bugzilla.redhat.com/show_bug.cgi?id=425481
+
+ -- Daniel T Chen <crimsun@ubuntu.com>  Wed, 23 Jan 2008 20:33:14 -0500
+
 pulseaudio (0.9.5-5ubuntu4.1) feisty-security; urgency=low
 
   * SECURITY UPDATE: Denial of service (daemon crash).
diff -u pulseaudio-0.9.5/debian/patches/00list pulseaudio-0.9.5/debian/patches/00list
--- pulseaudio-0.9.5/debian/patches/00list
+++ pulseaudio-0.9.5/debian/patches/00list
@@ -9,0 +10 @@
+11_fix_unchecked_setuid_return_values.dpatch
only in patch2:
unchanged:
--- pulseaudio-0.9.5.orig/debian/patches/11_fix_unchecked_setuid_return_values.dpatch
+++ pulseaudio-0.9.5/debian/patches/11_fix_unchecked_setuid_return_values.dpatch
@@ -0,0 +1,99 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 11_fix_unchecked_setuid_return_values.dpatch by Daniel T Chen <crimsun@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: CVE-2008-0008, https://bugzilla.redhat.com/show_bug.cgi?id=425481
+
+@DPATCH@
+diff -urNad pulseaudio-0.9.5~/src/daemon/caps.c pulseaudio-0.9.5/src/daemon/caps.c
+--- pulseaudio-0.9.5~/src/daemon/caps.c	2006-08-18 17:38:48.000000000 -0400
++++ pulseaudio-0.9.5/src/daemon/caps.c	2008-01-24 00:25:25.000000000 -0500
+@@ -48,27 +48,36 @@
+ #ifdef HAVE_GETUID
+ 
+ /* Drop root rights when called SUID root */
+-void pa_drop_root(void) {
++int pa_drop_root(void) {
+     uid_t uid = getuid();
++    int error = 0;
+     
+     if (uid == 0 || geteuid() != 0)
+-        return;
++        return 0;
+ 
+     pa_log_info("dropping root rights.");
+ 
+ #if defined(HAVE_SETRESUID)
+-    setresuid(uid, uid, uid);
++    error += setresuid(uid, uid, uid);
+ #elif defined(HAVE_SETREUID)
+-    setreuid(uid, uid);
++    error += setreuid(uid, uid);
+ #else
+-    setuid(uid);
+-    seteuid(uid);
++    error += setuid(uid);
++    error += seteuid(uid);
+ #endif
++
++    if (error != 0) {
++	pa_log_error("Could not drop root priviliges.");
++	return -1;
++    }
++
++    return 0;
+ }
+ 
+ #else
+ 
+-void pa_drop_root(void) {
++int pa_drop_root(void) {
++    return 0;
+ }
+ 
+ #endif
+@@ -141,8 +150,7 @@
+ }
+ 
+ int pa_drop_caps(void) {
+-    pa_drop_root();
+-    return 0;
++    return pa_drop_root();
+ }
+ 
+ #endif
+diff -urNad pulseaudio-0.9.5~/src/daemon/caps.h pulseaudio-0.9.5/src/daemon/caps.h
+--- pulseaudio-0.9.5~/src/daemon/caps.h	2006-06-19 19:53:22.000000000 -0400
++++ pulseaudio-0.9.5/src/daemon/caps.h	2008-01-24 00:25:52.000000000 -0500
+@@ -22,7 +22,7 @@
+   USA.
+ ***/
+ 
+-void pa_drop_root(void);
++int pa_drop_root(void);
+ int pa_limit_caps(void);
+ int pa_drop_caps(void);
+ 
+diff -urNad pulseaudio-0.9.5~/src/daemon/main.c pulseaudio-0.9.5/src/daemon/main.c
+--- pulseaudio-0.9.5~/src/daemon/main.c	2006-08-24 19:56:34.000000000 -0400
++++ pulseaudio-0.9.5/src/daemon/main.c	2008-01-24 00:19:28.000000000 -0500
+@@ -336,7 +336,8 @@
+     
+     if (suid_root && (pa_own_uid_in_group(PA_REALTIME_GROUP, &gid) <= 0 || gid >= 1000)) {
+         pa_log_warn("WARNING: called SUID root, but not in group '"PA_REALTIME_GROUP"'.");
+-        pa_drop_root();
++        if (pa_drop_root() < 0)
++	    goto finish;
+     }
+ #else
+     real_root = 0;
+@@ -381,7 +382,8 @@
+     pa_drop_caps();
+ 
+     if (suid_root)
+-        pa_drop_root();
++        if (pa_drop_root() < 0)
++	    goto finish;
+ 
+     if (conf->dl_search_path)
+         lt_dlsetsearchpath(conf->dl_search_path);