diff -Nru xpdf-3.02/debian/changelog xpdf-3.02/debian/changelog
--- xpdf-3.02/debian/changelog 2010-04-07 04:26:18.000000000 -0400
+++ xpdf-3.02/debian/changelog 2011-01-20 16:54:13.000000000 -0500
@@ -1,3 +1,20 @@
+xpdf (3.02-2ubuntu1.1) lucid-security; urgency=low
+
+ * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
+ cause a denial of service (crash) via unknown vectors that trigger an
+ uninitialized pointer dereference. (LP: #701220)
+ - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
+ - CVE-2010-3702
+ * SECURITY UPDATE: FoFiType1::parse function allows context-dependent
+ attackers to cause a denial of service (crash) and possibly execute
+ arbitrary code via a PDF file with a crafted Type1 font that contains a
+ negative array index, which bypasses input validation and which triggers
+ memory corruption. (LP: #701220)
+ - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
+ - CVE-2010-3704
+
+ -- Brian Thomason Thu, 20 Jan 2011 16:49:30 -0500
+
 xpdf (3.02-2ubuntu1) lucid; urgency=low
 * Merge from Debian unstable. (LP: #556483) Remaining changes:
diff -Nru xpdf-3.02/debian/patches/cve-2010-3702.dpatch xpdf-3.02/debian/patches/cve-2010-3702.dpatch
--- xpdf-3.02/debian/patches/cve-2010-3702.dpatch 1969-12-31 19:00:00.000000000 -0500
+++ xpdf-3.02/debian/patches/cve-2010-3702.dpatch 2011-01-20 16:47:42.000000000 -0500
@@ -0,0 +1,25 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# description: fix cve-2010-3720
+# author: Michael Gilbert
+
+@DPATCH@
+diff -ur orig/xpdf-3.02/xpdf/Gfx.cc xpdf-3.02/xpdf/Gfx.cc
+--- orig/xpdf-3.02/xpdf/Gfx.cc 2007-02-27 17:05:52.000000000 -0500
++++ xpdf-3.02/xpdf/Gfx.cc 2010-10-11 21:11:14.000000000 -0400
+@@ -441,6 +441,7 @@
+ void *abortCheckCbkDataA) {
+ int i;
+
++ parser = NULL;
+ xref = xrefA;
+ subPage = gFalse;
+ printCommands = globalParams->getPrintCommands();
+@@ -483,6 +484,7 @@
+ void *abortCheckCbkDataA) {
+ int i;
+
++ parser = NULL;
+ xref = xrefA;
+ subPage = gTrue;
+ printCommands = globalParams->getPrintCommands();
+Only in xpdf-3.02/xpdf: Gfx.cc.rej
diff -Nru xpdf-3.02/debian/patches/cve-2010-3704.dpatch xpdf-3.02/debian/patches/cve-2010-3704.dpatch
--- xpdf-3.02/debian/patches/cve-2010-3704.dpatch 1969-12-31 19:00:00.000000000 -0500
+++ xpdf-3.02/debian/patches/cve-2010-3704.dpatch 2011-01-20 16:47:42.000000000 -0500
@@ -0,0 +1,17 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# description: fix cve-2010-3704 patch
+# author: Michael Gilbert
+
+@DPATCH@
+diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
+--- a/fofi/FoFiType1.cc
++++ b/fofi/FoFiType1.cc
+@@ -243,7 +244,7 @@ void FoFiType1::parse() {
+ code = code * 8 + (*p2 - '0');
+ }
+ }
+- if (code < 256) {
++ if (code < 256 && code >= 0) {
+ for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+ if (*p == '/') {
+ ++p;
diff -Nru xpdf-3.02/debian/patches/series xpdf-3.02/debian/patches/series
--- xpdf-3.02/debian/patches/series 2010-04-07 04:26:18.000000000 -0400
+++ xpdf-3.02/debian/patches/series 2011-01-20 16:48:51.000000000 -0500
@@ -55,3 +55,7 @@
 # Ubuntu
 do-not-make-ps-arrays-bigger-than-64k-from-big-images-in-patterns.dpatch
+
+#Fix CVE-2010-3702,3704
+cve-2010-3702.dpatch
+cve-2010-3704.dpatch
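Review bot: The header of cve-2010-3702.dpatch reads `# description: fix cve-2010-3720`, while the file name and the changelog entry both name CVE-2010-3702; it should read `# description: fix cve-2010-3702` so the patch stays traceable in an audit. The trailing `Only in xpdf-3.02/xpdf: Gfx.cc.rej` line is leftover `diff -ur` output rather than patch content, and a `.rej` file in the tree the patch was generated from suggests a hunk was rejected there at some point; drop the line and confirm that both hunks apply cleanly to the packaged source. Both constructor bodies start and end outside the hunks and Gfx::getPos is not shown, so it is worth confirming that every reader of `parser` tests it for NULL, since `parser = NULL;` only prevents the crash if the consumers check it.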
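Review bot: In cve-2010-3704.dpatch the new guard `if (code < 256 && code >= 0)` checks `code` only after it has been built up by `code = code * 8 + (*p2 - '0')`, so if `code` is a signed int (its declaration is outside the hunk) a long digit run overflows before the check runs. Signed overflow is undefined behaviour, which means the `code >= 0` test is relying on how the value happened to wrap; bounding the value while it is accumulated, or rejecting over-long digit runs, would make the range check well-defined. The guard also deserves a comment saying why the lower bound matters, for example `/* code is used as an array index: reject negative values as well as values >= 256 */` (the changelog describes the negative index, the hunk itself does not show the array access). FoFiType1::parse continues outside the hunk on both sides.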