diff -u php-imap-5.1.2/debian/control php-imap-5.1.2/debian/control
--- php-imap-5.1.2/debian/control
+++ php-imap-5.1.2/debian/control
@@ -1,7 +1,8 @@
 Source: php-imap
 Section: web
 Priority: optional
-Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
+Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
 Uploaders: Adam Conrad <adconrad@0c3.net>
 Build-Depends: debhelper (>= 4.2), libc-client-dev, php4-dev (>= 4:4.4.0-1), php5-dev (>= 5.1.1-1)
 Standards-Version: 3.6.2
diff -u php-imap-5.1.2/debian/changelog php-imap-5.1.2/debian/changelog
--- php-imap-5.1.2/debian/changelog
+++ php-imap-5.1.2/debian/changelog
@@ -1,3 +1,11 @@
+php-imap (5.1.2-1ubuntu0.1) dapper-security; urgency=low
+
+  * SECURITY UPDATE: unsafe usage of deprecated imap functions (LP: #485973)
+    - php_imap.c: apply patch taken from Debian
+    - CVE-2008-2829
+
+ -- Devid Antonio Filoni <d.filoni@ubuntu.com>  Wed, 06 Jan 2010 18:58:48 +0100
+
 php-imap (5.1.2-1) unstable; urgency=low
 
   * New upstream release, fixing ANOTHER crash in imap_mail_compose(),
only in patch2:
unchanged:
--- php-imap-5.1.2.orig/php_imap.c
+++ php-imap-5.1.2/php_imap.c
@@ -66,6 +66,7 @@
 static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
 static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC);
 static int _php_imap_address_size(ADDRESS *addresslist);
+static void _php_rfc822_write_address_len (char *dest, ADDRESS *adr, int len);
 
 /* These function declarations are missing from the IMAP header files... */
 void rfc822_date(char *date);
@@ -2031,7 +2032,7 @@
 	}
 
 	string[0]='\0';
-	rfc822_write_address(string, addr);
+	_php_rfc822_write_address_len(string, addr, sizeof(string));
 	RETVAL_STRING(string, 1);
 }
 /* }}} */
@@ -2789,13 +2790,13 @@
 				if (env->from && _php_imap_address_size(env->from) < MAILTMPLEN) {
 					env->from->next=NULL;
 					address[0] = '\0';
-					rfc822_write_address(address, env->from);
+					_php_rfc822_write_address_len(address, env->from, sizeof(address));
 					add_property_string(myoverview, "from", address, 1);
 				}
 				if (env->to && _php_imap_address_size(env->to) < MAILTMPLEN) {
 					env->to->next = NULL;
 					address[0] = '\0';
-					rfc822_write_address(address, env->to);
+					_php_rfc822_write_address_len(address, env->to, sizeof(address));
 					add_property_string(myoverview, "to", address, 1);
 				}
 				if (env->date) {
@@ -3746,6 +3747,34 @@
 /* }}} */
 
 
+/* {{{ _php_rfc822_soutr
+ */
+static long _php_rfc822_soutr (void *stream,char *string)
+{
+ return NIL;
+}
+
+/* }}} */
+
+
+/* {{{ _php_rfc822_write_address_len
+ */
+static void _php_rfc822_write_address_len ( char *dest, ADDRESS *adr, int len)
+{
+ RFC822BUFFER buf;
+
+ buf.beg = dest;
+ buf.cur = buf.beg;
+ buf.end = buf.beg + len - 1;
+ buf.s = NIL;
+ buf.f = _php_rfc822_soutr;
+ rfc822_output_address_list (&buf, adr, 0, NIL);
+ *buf.cur = '\0';
+}
+ 
+/* }}} */
+
+
 /* {{{ _php_imap_parse_address
  */
 static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC)
@@ -3760,7 +3789,7 @@
 	if ((len = _php_imap_address_size(addresstmp))) {
 		tmpstr = (char *) malloc(len + 1);
 		tmpstr[0] = '\0';
-		rfc822_write_address(tmpstr, addresstmp);
+		_php_rfc822_write_address_len(tmpstr, addresstmp, len);
 		*fulladdress = tmpstr;
 	} else {
 		*fulladdress = NULL;