diff -u unbound-1.4.5/debian/changelog unbound-1.4.5/debian/changelog
--- unbound-1.4.5/debian/changelog
+++ unbound-1.4.5/debian/changelog
@@ -1,3 +1,11 @@
+unbound (1.4.5-1ubuntu1.1) maverick-security; urgency=low
+
+ * SECURITY UPDATE:
+ * References: CVE 2011-1922 (LP: #788818)
+ * Add debian/patches/30_cve2011-1922 backported from 1.4.10
+
+ -- Scott Kitterman Sat, 28 May 2011 00:09:20 -0400
+
 unbound (1.4.5-1ubuntu1) maverick; urgency=low
 
 * Fix FTBFS by not calling "autoreconf -fvi" in debian/rules.
diff -u unbound-1.4.5/debian/patches/series unbound-1.4.5/debian/patches/series
--- unbound-1.4.5/debian/patches/series
+++ unbound-1.4.5/debian/patches/series
@@ -1,2 +1,3 @@
 20_example_conf_default_chroot
+30_cve2011-1922
 10_libev_library
only in patch2:
unchanged:
--- unbound-1.4.5.orig/debian/patches/30_cve2011-1922
+++ unbound-1.4.5/debian/patches/30_cve2011-1922
@@ -0,0 +1,13 @@
+Backport from upstream 1.4.10 release
+Index: unbound-1.4.5/daemon/worker.c
+===================================================================
+--- unbound-1.4.5.orig/daemon/worker.c 2011-05-28 00:10:58.462097645 -0400
++++ unbound-1.4.5/daemon/worker.c 2011-05-28 00:11:06.086097641 -0400
+@@ -774,6 +774,7 @@
+ qinfo.qtype == LDNS_RR_TYPE_IXFR) {
+ verbose(VERB_ALGO, "worker request: refused zone transfer.");
+ log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
++ ldns_buffer_rewind(c->buffer);
+ LDNS_QR_SET(ldns_buffer_begin(c->buffer));
+ LDNS_RCODE_SET(ldns_buffer_begin(c->buffer),
+ LDNS_RCODE_REFUSED);
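Review bot: The header of debian/patches/30_cve2011-1922 says only "Backport from upstream 1.4.10 release", so nothing in the patch file itself ties the one-line `ldns_buffer_rewind(c->buffer);` to the CVE, the Launchpad bug or the upstream change it was taken from. I would add DEP-3 fields above the `Index:` line, for example `Description: rewind the reply buffer before answering a refused zone transfer (CVE-2011-1922)`, `Origin: upstream, <upstream revision or URL>` and `Bug-Ubuntu: https://bugs.launchpad.net/bugs/788818`. The rewind is added only in the zone-transfer refusal branch, and the enclosing function in daemon/worker.c starts and ends outside the hunk. It is therefore worth confirming against the 1.4.10 source that no other early-reply branch sets header bits through `ldns_buffer_begin(c->buffer)` without first resetting the buffer position.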