diff -u fetchmail-6.3.8/debian/patches/series fetchmail-6.3.8/debian/patches/series
--- fetchmail-6.3.8/debian/patches/series
+++ fetchmail-6.3.8/debian/patches/series
@@ -5,0 +6 @@
+06_fix_CVE-2008-2711_DoS.patch
diff -u fetchmail-6.3.8/debian/changelog fetchmail-6.3.8/debian/changelog
--- fetchmail-6.3.8/debian/changelog
+++ fetchmail-6.3.8/debian/changelog
@@ -1,3 +1,13 @@
+fetchmail (6.3.8-11ubuntu3) intrepid; urgency=low
+
+ * SECURITY FIX for CVE-2008-2711 (LP: #240549)
+ - Corrects a denial of service attack that can crash fetchmail when
+ running in -v -v mode via malformed mail messages with long headers
+ * patches/06_fix_CVE-2008-2711_DoS.patch
+ - corrects CVE-2008-2711
+
+ -- Michael Casadevall Tue, 21 Oct 2008 08:05:46 -0400
+
 fetchmail (6.3.8-11ubuntu2) intrepid; urgency=low

 * Remove stop links from rc0 and rc6 (LP: #254254):
only in patch2:
unchanged:
--- fetchmail-6.3.8.orig/debian/patches/06_fix_CVE-2008-2711_DoS.patch
+++ fetchmail-6.3.8/debian/patches/06_fix_CVE-2008-2711_DoS.patch
@@ -0,0 +1,54 @@
+Index: fetchmail-6.3.8/report.c
+===================================================================
+--- fetchmail-6.3.8.orig/report.c 2008-10-21 08:22:29.000000000 -0400
++++ fetchmail-6.3.8/report.c 2008-10-21 08:24:50.000000000 -0400
+@@ -238,11 +238,17 @@
+ rep_ensuresize();
+
+ #if defined(VA_START)
+- VA_START (args, message);
+ for ( ; ; )
+ {
++ /*
++ * args has to be initialized before every call of vsnprintf(),
++ * because vsnprintf() invokes va_arg macro and thus args is
++ * undefined after the call
++ */
++ VA_START (args, message);
+ n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used,
+ message, args);
++ va_end (args);
+
+ if (n >= 0
+ && (unsigned)n < partial_message_size - partial_message_size_used)
+@@ -254,7 +260,6 @@
+ partial_message_size += 2048;
+ partial_message = REALLOC (partial_message, partial_message_size);
+ }
+- va_end (args);
+ #else
+ for ( ; ; )
+ {
+@@ -304,12 +309,13 @@
+ rep_ensuresize();
+
+ #if defined(VA_START)
+- VA_START (args, message);
+ for ( ; ; )
+ {
++ VA_START (args, message);
+ n = vsnprintf (partial_message + partial_message_size_used,
+ partial_message_size - partial_message_size_used,
+ message, args);
++ va_end (args);
+
+ /* old glibc versions return -1 for truncation */
+ if (n >= 0
+@@ -322,7 +328,6 @@
+ partial_message_size += 2048;
+ partial_message = REALLOC (partial_message, partial_message_size);
+ }
+- va_end (args);
+ #else
+ for ( ; ; )
+ {
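Review bot: The second report.c hunk (`@@ -304,12 +309,13 @@`) moves `VA_START`/`va_end` inside the retry loop without the explanatory comment the first hunk adds, so the reason the pair must stay inside the loop is documented in only one of the two functions. I would add `/* re-initialize args for every vsnprintf() call; it is indeterminate after the call */` above the second `VA_START (args, message);` so a later cleanup does not hoist it back out and bring back the crash the changelog attributes to CVE-2008-2711. The patch file also starts directly at `Index:` with no description or origin line; a short header naming where the fix came from (`<upstream advisory or commit>`) would let the next reviewer compare it with upstream. Both loops sit in functions that start and end outside the inner hunks, so the `#else` branches cannot be reviewed from here.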