diff -u perdition-1.17/debian/changelog perdition-1.17/debian/changelog
--- perdition-1.17/debian/changelog
+++ perdition-1.17/debian/changelog
@@ -1,3 +1,21 @@
+perdition (1.17-7ubuntu0.7.10.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE: The format string protection
+ mechanism in IMAPD for Perdition Mail Retrieval
+ Proxy 1.17 and earlier allows remote attackers to
+ execute arbitrary code via an IMAP tag with a null
+ byte followed by a format string specifier,
+ which is not counted by the mechanism.
+ * perdition/imap4_in.c: Added patch according to upstream (LP: #162543)
+ (See: http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46)
+ * References:
+ CVE-2007-5740
+ https://bugs.edge.launchpad.net/ubuntu/dapper/+source/perdition/+bug/162543
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448853
+ http://perdition.cvs.sourceforge.net/perdition/perdition/perdition/imap4_in.c?r1=1.45&r2=1.46
+
+ -- Stephan Hermann Wed, 14 Nov 2007 13:44:43 +0100
+
 perdition (1.17-7) unstable; urgency=low
 
 * Remove the unneccesary Build-Depends on automake as part of
only in patch2: unchanged:
--- perdition-1.17.orig/perdition/imap4_in.c
+++ perdition-1.17/perdition/imap4_in.c
@@ -277,6 +277,76 @@ #endif /* WITH_PAM_SUPPORT */ +/********************************************************************** + * imap4_in_verify_tag_str + * Verify that a tag is valid + * Pre: tag: io_t to write to + * Return 0 on success + * -1 otherwise + **********************************************************************/ + +/* Excerpts from rfc3501, Section 9. Formal Syntax + * + * The ASCII NUL character, %x00, MUST NOT be used at any time. + * + * tag = 1* + * + * ATOM-CHAR = + * + * atom-specials = "(" / ")" / "{" / SP / CTL / list-wildcards / + * quoted-specials / resp-specials + * + * list-wildcards = "%" / "*" + * + * quoted-specials = DQUOTE / "\" + * + * resp-specials = "]" + * + * Excerpts from rfc2060, Section 9. Formal Syntax + * + * CHAR ::= + * + * CTL ::= + */ + +static int imap4_in_verify_tag_str(const token_t *tag) +{ + unsigned char *tag_str; + size_t tag_str_len, i; + + tag_str_len = token_len(tag); + + if (!tag_str_len) + return -1; + + tag_str = token_buf(tag); + + for (i = 0; i < tag_str_len; i++) { + /* Must be ASCII, must not be a control character */ + if (tag_str[i] <= 0x1f || tag_str[i] >= 0x7f) + return -1; + /* Must not be other reserved characters */ + switch(tag_str[i]) { + case '\0': + case '(': + case ')': + case '{': + case ' ': + case '%': + case '*': + case '"': + case '\\': + case ']': + return -1; + } + } + + return 0; +} + + /********************************************************************** * imap4_in_get_pw @@ -342,14 +412,16 @@ break; } + if (imap4_in_verify_tag_str(tag)) { + token_assign(tag, (unsigned char *)strdup(IMAP4_UNTAGGED), + strlen(IMAP4_UNTAGGED), 0); + __IMAP4_IN_BAD("Invalid tag, mate"); + goto loop; + } + + if(token_is_eol(tag)){ - if(token_is_null(tag)){ - token_assign(tag, strdup(IMAP4_BAD), strlen(IMAP4_BAD), 0); - __IMAP4_IN_BAD("Null tag, mate"); - } - else { - __IMAP4_IN_BAD("Missing command, mate"); - } + __IMAP4_IN_BAD("Missing command, mate"); goto loop; }
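Review bot: The header comment on imap4_in_verify_tag_str describes its parameter as `Pre: tag: io_t to write to`, but the function takes `const token_t *tag` and writes nothing; suggest `Pre: tag: token to validate; token_buf(tag) must hold token_len(tag) bytes` and `Post: none`. In the switch, `case '\0':` can never match because the preceding range test already rejects every byte <= 0x1f, NUL included — which is the byte CVE-2007-5740 relies on — so either drop the case or keep it with a comment such as `/* NUL is already rejected by the control-character check above; listed for clarity */` so the next reader does not assume the range check is optional. RFC 3501 also excludes `+` from a tag (`tag = 1*<any ATOM-CHAR except "+">`, a detail that appears to have been lost from the quoted grammar in this rendering), so if strict conformance is the goal add `case '+':` to the reject list. Whether token_buf() can return NULL for a token whose token_len() is non-zero is not visible here; if it can, check it before the loop.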
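Review bot: The `strdup(IMAP4_UNTAGGED)` result handed to `token_assign` in the new invalid-tag branch is unchecked, so on allocation failure the token gets a NULL buffer with a non-zero length and `__IMAP4_IN_BAD` then builds the response from it; the removed `strdup(IMAP4_BAD)` had the same gap, but this branch is new and is reached directly from client-controlled input. Suggest `unsigned char *untagged = (unsigned char *)strdup(IMAP4_UNTAGGED); if (!untagged) goto leave;` ahead of the `token_assign` call, using whatever the function's error exit actually is — it lies outside the hunk. Swapping the rejected client tag for IMAP4_UNTAGGED before the BAD response is emitted is the right order, since per the changelog those are the bytes the format-string counter fails to see past a NUL; keep that ordering if the branch is ever restructured. Whether `token_assign` frees the previous buffer is not visible here, so confirm the old tag storage is not leaked on this `goto loop` path. The enclosing loop body starts and ends outside the hunk.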