diff -Nru libkdcraw-4.9.2/debian/changelog libkdcraw-4.9.2/debian/changelog
--- libkdcraw-4.9.2/debian/changelog	2012-10-02 10:34:40.000000000 -0400
+++ libkdcraw-4.9.2/debian/changelog	2013-06-20 14:10:59.000000000 -0400
@@ -1,3 +1,13 @@
+libkdcraw (4:4.9.2-0ubuntu1.1) quantal-security; urgency=low
+
+  * SECURITY UPDATE: denial of service and possible code execution via
+    broken full-color images (LP: #1193065)
+    - debian/patches/CVE-2013-2126: fix error handling in
+      libraw/src/libraw_cxx.cpp.
+    - CVE-2013-2126
+
+ -- Scott Kitterman <scott@kitterman.com>  Thu, 20 Jun 2013 14:02:00 -0400
+
 libkdcraw (4:4.9.2-0ubuntu1) quantal-proposed; urgency=low
 
   * New upstream bugfix release
diff -Nru libkdcraw-4.9.2/debian/patches/CVE-2013-2126 libkdcraw-4.9.2/debian/patches/CVE-2013-2126
--- libkdcraw-4.9.2/debian/patches/CVE-2013-2126	1969-12-31 19:00:00.000000000 -0500
+++ libkdcraw-4.9.2/debian/patches/CVE-2013-2126	2013-06-20 14:01:14.000000000 -0400
@@ -0,0 +1,31 @@
+Description: fix denial of service and possible code execution via
+ broken full-color images
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711317
+Origin: upstream, https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a
+
+Index: libkdcraw-4.9.2/libraw/src/libraw_cxx.cpp
+===================================================================
+--- libkdcraw-4.9.2.orig/libraw/src/libraw_cxx.cpp	2013-06-20 14:00:11.586584355 -0400
++++ libkdcraw-4.9.2/libraw/src/libraw_cxx.cpp	2013-06-20 14:00:11.578584355 -0400
+@@ -796,8 +796,8 @@
+                 S.iheight= S.height;
+                 IO.shrink = 0;
+                 // allocate image as temporary buffer, size 
+-                imgdata.rawdata.raw_alloc = calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
+-                imgdata.image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
++                imgdata.rawdata.raw_alloc = 0;
++                imgdata.image = (ushort (*)[4]) calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
+             }
+ 
+ 
+@@ -807,8 +807,8 @@
+         // recover saved
+         if( decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY)
+             {
+-                imgdata.image = 0; 
+-                imgdata.rawdata.color_image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
++              imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image = imgdata.image;
++              imgdata.image = 0;
+             }
+ 
+         // calculate channel maximum
diff -Nru libkdcraw-4.9.2/debian/patches/series libkdcraw-4.9.2/debian/patches/series
--- libkdcraw-4.9.2/debian/patches/series	1969-12-31 19:00:00.000000000 -0500
+++ libkdcraw-4.9.2/debian/patches/series	2013-06-20 14:00:08.000000000 -0400
@@ -0,0 +1,2 @@
+CVE-2013-2126
+