diff -u normalize-audio-0.7.6/debian/changelog normalize-audio-0.7.6/debian/changelog
--- normalize-audio-0.7.6/debian/changelog
+++ normalize-audio-0.7.6/debian/changelog
@@ -1,3 +1,14 @@
+normalize-audio (0.7.6-7ubuntu0.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: Denial of service (application crash) or possibly
+ execute arbitrary code via a crafted WAV file. (LP: #527033)
+ - src/adjust.c: Fix buffer overflows in
+ case of compressed WAV files.
+ - Patch from Debian applied inline.
+ - CVE-2008-5824
+
+ -- Stefan Lesicnik Sun, 07 Mar 2010 14:11:02 +0200
+
 normalize-audio (0.7.6-7) unstable; urgency=low
 * Normalize frontends fixed to use the "normalize-audio" binary (Closes: 305367)
only in patch2:
unchanged:
--- normalize-audio-0.7.6.orig/src/adjust.c
+++ normalize-audio-0.7.6/src/adjust.c
@@ -276,8 +276,8 @@
 /* set up buffer to hold 1/100 of a second worth of frames */
 frames_in_buf = samp_rate / 100;
- src_framesz = afGetFrameSize(fhin, AF_DEFAULT_TRACK, 1);
- dst_framesz = afGetFrameSize(fhout, AF_DEFAULT_TRACK, 1);
+ src_framesz = afGetVirtualFrameSize(fhin, AF_DEFAULT_TRACK, 1);
+ dst_framesz = afGetVirtualFrameSize(fhout, AF_DEFAULT_TRACK, 1);
 src_buf = (unsigned char *)xmalloc(frames_in_buf * src_framesz);
 dst_buf = (unsigned char *)xmalloc(frames_in_buf * dst_framesz);
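Review bot: The two `xmalloc` sizes in the src/adjust.c hunk are still built from unchecked values: the results of `afGetVirtualFrameSize` go straight into `frames_in_buf * src_framesz` and `frames_in_buf * dst_framesz` with no test for an error or non-positive return and no overflow check on the product. Because these are the buffers the changelog names as overflowing on crafted WAV input, I would add a guard before allocating, for example `if (src_framesz <= 0 || dst_framesz <= 0)` followed by the function's existing failure exit. `frames_in_buf = samp_rate / 100` is also zero for any sample rate below 100, which appears to leave a zero-length buffer, so a lower bound on it belongs in the same check. A short comment such as `/* virtual frame size: the size of the frames read into src_buf, not the on-disk (possibly compressed) size */` would record why the call was changed. The enclosing function starts and ends outside the hunk, so the variable types and the read loop that fills the buffers are not visible here.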