diff -u xpdf-3.02/debian/changelog xpdf-3.02/debian/changelog
--- xpdf-3.02/debian/changelog
+++ xpdf-3.02/debian/changelog
@@ -1,3 +1,20 @@
+xpdf (3.02-1.4ubuntu2.9.10.2) karmic-security; urgency=low
+
+ * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
+ cause a denial of service (crash) via unknown vectors that trigger an
+ uninitialized pointer dereference.
+ - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
+ - CVE-2010-3702
+ * SECURITY UPDATE: FoFiType1::parse function allows context-dependent
+ attackers to cause a denial of service (crash) and possibly execute
+ arbitrary code via a PDF file with a crafted Type1 font that contains a
+ negative array index, which bypasses input validation and which triggers
+ memory corruption.
+ - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
+ - CVE-2010-3704
+
+ -- Brian Thomason Mon, 10 Jan 2011 15:32:39 -0500
+
 xpdf (3.02-1.4ubuntu2.9.10.1) karmic-security; urgency=low
 
 [ Nicolas Valcárcel Scerpella ]
diff -u xpdf-3.02/debian/patches/00list xpdf-3.02/debian/patches/00list
--- xpdf-3.02/debian/patches/00list
+++ xpdf-3.02/debian/patches/00list
@@ -52,0 +53,3 @@
+#Fix CVE-2010-3702,3704
+cve-2010-3702.dpatch
+cve-2010-3704.dpatch
only in patch2:
unchanged:
--- xpdf-3.02.orig/debian/patches/cve-2010-3704.dpatch
+++ xpdf-3.02/debian/patches/cve-2010-3704.dpatch
@@ -0,0 +1,17 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# description: fix cve-2010-3704 patch
+# author: Michael Gilbert
+
+@DPATCH@
+diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
+--- a/fofi/FoFiType1.cc
++++ b/fofi/FoFiType1.cc
+@@ -243,7 +244,7 @@ void FoFiType1::parse() {
+ code = code * 8 + (*p2 - '0');
+ }
+ }
+- if (code < 256) {
++ if (code < 256 && code >= 0) {
+ for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+ if (*p == '/') {
+ ++p;
only in patch2:
unchanged:
--- xpdf-3.02.orig/debian/patches/cve-2010-3702.dpatch
+++ xpdf-3.02/debian/patches/cve-2010-3702.dpatch
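Review bot: The added `code >= 0` test in FoFiType1::parse (cve-2010-3704.dpatch) rejects a negative index only after `code = code * 8 + (*p2 - '0')` has already wrapped, so the guard depends on signed overflow, which is undefined behaviour for an `int` (the declaration of `code` is outside the hunk, so the type is assumed). Bounding the value while it is accumulated, for example by stopping the digit loop once `code` exceeds 255, would keep the index in range without relying on the wrap. The digit loop and the array write that uses `code` both lie outside the hunk, so confirm that no other path reaches the write with an unchecked value.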
@@ -0,0 +1,25 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# description: fix cve-2010-3720
+# author: Michael Gilbert
+
+@DPATCH@
+diff -ur orig/xpdf-3.02/xpdf/Gfx.cc xpdf-3.02/xpdf/Gfx.cc
+--- orig/xpdf-3.02/xpdf/Gfx.cc 2007-02-27 17:05:52.000000000 -0500
++++ xpdf-3.02/xpdf/Gfx.cc 2010-10-11 21:11:14.000000000 -0400
+@@ -441,6 +441,7 @@
+ void *abortCheckCbkDataA) {
+ int i;
+
++ parser = NULL;
+ xref = xrefA;
+ subPage = gFalse;
+ printCommands = globalParams->getPrintCommands();
+@@ -483,6 +484,7 @@
+ void *abortCheckCbkDataA) {
+ int i;
+
++ parser = NULL;
+ xref = xrefA;
+ subPage = gTrue;
+ printCommands = globalParams->getPrintCommands();
+Only in xpdf-3.02/xpdf: Gfx.cc.rej
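Review bot: Setting `parser = NULL;` at the top of both Gfx constructors only makes the pointer's value defined; it removes the crash only if Gfx::getPos tests `parser` before dereferencing it, and that check is not visible in this patch, so it should be confirmed in the patched tree. Both constructor bodies begin and end outside the hunks shown. The dpatch header reads `# description: fix cve-2010-3720`, while the file name and the changelog say CVE-2010-3702; it should be `# description: fix cve-2010-3702` so the patch can be traced to the right advisory. The trailing `Only in xpdf-3.02/xpdf: Gfx.cc.rej` line is leftover `diff -ur` output and suggests a hunk was rejected while the patch was being prepared; drop it and verify that both hunks apply cleanly.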