diff -u normalize-audio-0.7.7/debian/changelog normalize-audio-0.7.7/debian/changelog
--- normalize-audio-0.7.7/debian/changelog
+++ normalize-audio-0.7.7/debian/changelog
@@ -1,3 +1,14 @@
+normalize-audio (0.7.7-4ubuntu0.1) karmic-security; urgency=low
+
+  * SECURITY UPDATE: Denial of service (application crash) or possibly
+    execute arbitrary code via a crafted WAV file.  (LP: #527033)
+    - debian/patches/compressed-wav-files.dpatch: Fix buffer overflows in 
+      case of compressed WAV files.
+    - Patch from Debian.
+    - CVE-2008-5824
+
+ -- Stefan Lesicnik <stefan@lsd.lsd.co.za>  Thu, 25 Feb 2010 05:46:13 +0200
+
 normalize-audio (0.7.7-4) unstable; urgency=low
 
   * Upload 0.7.7-3 to unstable (no further changes).
diff -u normalize-audio-0.7.7/debian/patches/00list normalize-audio-0.7.7/debian/patches/00list
--- normalize-audio-0.7.7/debian/patches/00list
+++ normalize-audio-0.7.7/debian/patches/00list
@@ -1,3 +1,4 @@
+compressed-wav-files.dpatch
 rename-binary.dpatch
 fix-exdev-error.dpatch
 fix-flac.dpatch
only in patch2:
unchanged:
--- normalize-audio-0.7.7.orig/debian/patches/compressed-wav-files.dpatch
+++ normalize-audio-0.7.7/debian/patches/compressed-wav-files.dpatch
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## compressed-wav-files.dpatch by Stefan Fritsch <sf@sfritsch.de>
+##
+## DP: afGetVirtualFrameSize() needs to be used instead of afGetFrameSize(),
+## DP: otherwise the allocated buffer size is too small for compressed
+## DP: WAV files (see #558399).
+
+@DPATCH@
+diff -urNad normalize-audio-0.7.7~/src/adjust.c normalize-audio-0.7.7/src/adjust.c
+--- normalize-audio-0.7.7~/src/adjust.c	2009-01-29 21:25:27.000000000 +0100
++++ normalize-audio-0.7.7/src/adjust.c	2009-11-28 17:23:40.000000000 +0100
+@@ -277,8 +277,8 @@
+ 
+   /* set up buffer to hold 1/100 of a second worth of frames */
+   frames_in_buf = samp_rate / 100;
+-  src_framesz = afGetFrameSize(fhin, AF_DEFAULT_TRACK, 1);
+-  dst_framesz = afGetFrameSize(fhout, AF_DEFAULT_TRACK, 1);
++  src_framesz = afGetVirtualFrameSize(fhin, AF_DEFAULT_TRACK, 1);
++  dst_framesz = afGetVirtualFrameSize(fhout, AF_DEFAULT_TRACK, 1);
+   src_buf = (unsigned char *)xmalloc(frames_in_buf * src_framesz);
+   dst_buf = (unsigned char *)xmalloc(frames_in_buf * dst_framesz);
+