diff -u clamav-0.92.1~dfsg2/debian/patches/00list clamav-0.92.1~dfsg2/debian/patches/00list
--- clamav-0.92.1~dfsg2/debian/patches/00list
+++ clamav-0.92.1~dfsg2/debian/patches/00list
@@ -7,0 +8 @@
+28_of-by-1.dpatch
diff -u clamav-0.92.1~dfsg2/debian/changelog clamav-0.92.1~dfsg2/debian/changelog
--- clamav-0.92.1~dfsg2/debian/changelog
+++ clamav-0.92.1~dfsg2/debian/changelog
@@ -1,3 +1,12 @@
+clamav (0.92.1~dfsg2-1.1~gutsy3.1ubuntu1) gutsy-security; urgency=low
+
+  * SECURITY UPDATE: fix off-by-one heap overflow  
+  * References : LP #296704, Debian Bug #505134
+  * Updated 28_of-by-1.dpatch
+    - libclamav/vba_extract.c
+
+ -- Leonel Nunez <leonel@enelserver.com>  Tue, 11 Nov 2008 05:21:55 -0700
+
 clamav (0.92.1~dfsg2-1.1~gutsy3.1) gutsy-security; urgency=low
 
   * SECURITY UPDATE: fix possible DoS due to invalid memory access
only in patch2:
unchanged:
--- clamav-0.92.1~dfsg2.orig/debian/patches/28_of-by-1.dpatch
+++ clamav-0.92.1~dfsg2/debian/patches/28_of-by-1.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 28_of-by-1.dpatch by Leonel Nunez <leonel@enelserver.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad clamav-0.92.1~dfsg2~/libclamav/vba_extract.c clamav-0.92.1~dfsg2/libclamav/vba_extract.c
+--- clamav-0.92.1~dfsg2~/libclamav/vba_extract.c	2008-01-28 14:30:35.000000000 -0700
++++ clamav-0.92.1~dfsg2/libclamav/vba_extract.c	2008-11-11 05:21:28.000000000 -0700
+@@ -136,7 +136,7 @@
+ 	if((name == NULL) || (*name == '\0') || (size <= 0))
+                 return NULL;
+ 
+-        newname = (char *)cli_malloc(size * 7);
++        newname = (char *)cli_malloc(size * 7 + 1);
+         if(newname == NULL)
+                 return NULL;
+