diff -u normalize-audio-0.7.7/debian/patches/00list normalize-audio-0.7.7/debian/patches/00list
--- normalize-audio-0.7.7/debian/patches/00list
+++ normalize-audio-0.7.7/debian/patches/00list
@@ -1,3 +1,4 @@
+compressed-wav-files.dpatch
 rename-binary.dpatch
 fix-exdev-error.dpatch
 fix-flac.dpatch
diff -u normalize-audio-0.7.7/debian/changelog normalize-audio-0.7.7/debian/changelog
--- normalize-audio-0.7.7/debian/changelog
+++ normalize-audio-0.7.7/debian/changelog
@@ -1,3 +1,14 @@
+normalize-audio (0.7.7-2ubuntu0.8.04.1) hardy-security; urgency=low
+
+  * SECURITY UPDATE: Denial of service (application crash) or possibly
+    execute arbitrary code via a crafted WAV file. (LP: #527033)
+    - debian/patches/compressed-wav-files.dpatch: Fix buffer overflows in
+      case of compressed WAV files.
+    - Patch from Debian.
+    - CVE-2008-5824
+
+ -- Stefan Lesicnik  Tue, 02 Mar 2010 16:16:41 +0200
+
 normalize-audio (0.7.7-2) unstable; urgency=low
 
   * New maintainer (Closes: #406511)
diff -u normalize-audio-0.7.7/debian/control normalize-audio-0.7.7/debian/control
--- normalize-audio-0.7.7/debian/control
+++ normalize-audio-0.7.7/debian/control
@@ -1,7 +1,8 @@
 Source: normalize-audio
 Section: sound
 Priority: extra
-Maintainer: Joachim Reichel
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Joachim Reichel
 Build-Depends: debhelper (>= 5), dpatch, autotools-dev, libaudiofile-dev, libmad0-dev, mpg321, vorbis-tools, flac
 Standards-Version: 3.7.2
only in patch2:
unchanged:
--- normalize-audio-0.7.7.orig/debian/patches/compressed-wav-files.dpatch
+++ normalize-audio-0.7.7/debian/patches/compressed-wav-files.dpatch
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## compressed-wav-files.dpatch by Stefan Fritsch
+##
+## DP: afGetVirtualFrameSize() needs to be used instead of afGetFrameSize(),
+## DP: otherwise the allocated buffer size is too small for compressed
+## DP: WAV files (see #558399).
+
+@DPATCH@
+diff -urNad normalize-audio-0.7.7~/src/adjust.c normalize-audio-0.7.7/src/adjust.c
+--- normalize-audio-0.7.7~/src/adjust.c 2009-01-29 21:25:27.000000000 +0100
++++ normalize-audio-0.7.7/src/adjust.c 2009-11-28 17:23:40.000000000 +0100
+@@ -277,8 +277,8 @@
+ 
+ /* set up buffer to hold 1/100 of a second worth of frames */
+ frames_in_buf = samp_rate / 100;
+- src_framesz = afGetFrameSize(fhin, AF_DEFAULT_TRACK, 1);
+- dst_framesz = afGetFrameSize(fhout, AF_DEFAULT_TRACK, 1);
++ src_framesz = afGetVirtualFrameSize(fhin, AF_DEFAULT_TRACK, 1);
++ dst_framesz = afGetVirtualFrameSize(fhout, AF_DEFAULT_TRACK, 1);
+ src_buf = (unsigned char *)xmalloc(frames_in_buf * src_framesz);
+ dst_buf = (unsigned char *)xmalloc(frames_in_buf * dst_framesz);
+ 
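Review bot: The new-side sizing `src_buf = (unsigned char *)xmalloc(frames_in_buf * src_framesz)` still multiplies two values derived from the input file — `samp_rate / 100` from the header and the per-frame size from the format — with no bound check, so a crafted header can make the product wrap or leave `frames_in_buf` at zero when the rate is below 100; the declared types of both variables are outside the hunk, and since libaudiofile declares afGetVirtualFrameSize() as returning a float, truncation on that assignment is worth confirming as well. A why-comment on the changed lines would keep the fix from later being reverted as a cosmetic difference, e.g. `/* virtual (decoded) frame size: afGetFrameSize() gives the on-disk size, which is smaller for compressed WAV (see #558399) */`. If other buffer-sizing sites in the source still call afGetFrameSize() for buffers that receive decoded frames, they need the same change; only adjust.c is patched here. The enclosing function starts and ends outside the hunk.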