=== modified file 'debian/changelog'
--- debian/changelog 2017-05-24 13:23:29 +0000
+++ debian/changelog 2017-05-24 13:24:13 +0000
@@ -1,3 +1,11 @@
+libytnef (1.5-6ubuntu0.2) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: Fix a heap buffer overflow in SIZECHECK macro
+ - Add CVE-2017-9058.patch from Debian 1.9.2-2 (LP: #1666884)
+ - CVE-2017-9058
+
+ -- Jeremy Bicha Wed, 24 May 2017 09:23:54 -0400
+
 libytnef (1.5-6ubuntu0.1) trusty-security; urgency=medium
 
 * SECURITY UPDATE: multiple security issues
=== added file 'debian/patches/CVE-2017-9058.patch'
--- debian/patches/CVE-2017-9058.patch 1970-01-01 00:00:00 +0000
+++ debian/patches/CVE-2017-9058.patch 2017-05-24 13:24:13 +0000
@@ -0,0 +1,13 @@
+Index: ytnef/lib/ytnef.c
+===================================================================
+--- ytnef.orig/ytnef.c
++++ ytnef/ytnef.c
+@@ -57,7 +57,7 @@
+
+ #define ALLOCCHECK(x) { if(!x) { printf("Out of Memory at %s : %i\n", __FILE__, __LINE__); return(-1); } }
+ #define ALLOCCHECK_CHAR(x) { if(!x) { printf("Out of Memory at %s : %i\n", __FILE__, __LINE__); return(NULL); } }
+-#define SIZECHECK(x) { if ((((char *)d - (char *)data) + x) > size) { printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }
++#define SIZECHECK(x) { if ((((char *)d - (char *)data) + x) >= size) { printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }
+
+ int TNEFFillMapi(TNEFStruct *TNEF, BYTE *data, DWORD size, MAPIProps *p);
+ void SetFlip(void);
=== modified file 'debian/patches/series'
--- debian/patches/series 2017-05-24 13:23:29 +0000
+++ debian/patches/series 2017-05-24 13:24:13 +0000
@@ -2,3 +2,4 @@
 CVE-2010-5109.diff
 0001-Fixes-for-CVE-2017-6298-to-6306.patch
 0002-Fixes-for-CVE-2017-6800-CVE-2017-6801-and-CVE-2017-6.patch
+CVE-2017-9058.patch
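Review bot: The patched SIZECHECK in debian/patches/CVE-2017-9058.patch still tests the bound by addition, `((char *)d - (char *)data) + x`, so if `x` is a length taken from the TNEF data and the sum is evaluated in 32 bits (presumably the case on 32-bit builds; DWORD's definition is not visible here), a large `x` can wrap and pass the check. Comparing `x` with the bytes that remain avoids the wrap and keeps the new `>=` behaviour: `size_t off = (size_t)((char *)d - (char *)data); if (off > size || (size_t)(x) >= size - off) { ... return(-1); }`, which also parenthesizes the macro argument. The move from `>` to `>=` means a field ending exactly at the end of the buffer is now rejected, which suggests at least one call site reads a byte beyond the `x` it checks. Those call sites are outside this hunk and are worth auditing so that each check matches the read that follows it.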