=== modified file 'debian/changelog'
--- debian/changelog	2017-05-24 13:08:13 +0000
+++ debian/changelog	2017-05-24 13:22:41 +0000
@@ -1,11 +1,21 @@
+libytnef (1.9.2-1ubuntu0.17.04) zesty-security; urgency=medium
+
+  * SECURITY UPDATE: Fix a heap buffer overflow in SIZECHECK macro
+    - Add CVE-2017-9058.patch from Debian 1.9.2-2 (LP: #1666884)
+    - CVE-2017-9058
+  * Add CVE information to previous changelog entry.
+
+ -- Jeremy Bicha <jbicha@ubuntu.com>  Wed, 24 May 2017 09:22:30 -0400
+
 libytnef (1.9.2-1) unstable; urgency=medium
 
   * QA upload.
   * New upstream release.
     - This release contains additional security fixes:
-      + Invalid memory access (heap overrun) in handling LONG data types
-      + Missing check for fields of size 0
-      + Potential buffer overrun in incoming compressed RTF streams
+      [CVE-2017-6800] Invalid memory access (heap overrun) in handling
+                      LONG data types
+      [CVE-2017-6801] Missing check for fields of size 0
+      [CVE-2017-6802] Potential buffer overrun in compressed RTF streams
   * Add CVE information to previous changelog entry.
   * Install pkg-config .pc file to -dev package.
 

=== added directory 'debian/patches'
=== added file 'debian/patches/CVE-2017-9058.patch'
--- debian/patches/CVE-2017-9058.patch	1970-01-01 00:00:00 +0000
+++ debian/patches/CVE-2017-9058.patch	2017-05-22 21:45:38 +0000
@@ -0,0 +1,13 @@
+Index: ytnef/lib/ytnef.c
+===================================================================
+--- ytnef.orig/lib/ytnef.c
++++ ytnef/lib/ytnef.c
+@@ -57,7 +57,7 @@
+ 
+ #define ALLOCCHECK(x) { if(!x) { printf("Out of Memory at %s : %i\n", __FILE__, __LINE__); return(-1); } }
+ #define ALLOCCHECK_CHAR(x) { if(!x) { printf("Out of Memory at %s : %i\n", __FILE__, __LINE__); return(NULL); } }
+-#define SIZECHECK(x) { if ((((char *)d - (char *)data) + x) > size) {  printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }
++#define SIZECHECK(x) { if ((((char *)d - (char *)data) + x) >= size) {  printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }
+ 
+ int TNEFFillMapi(TNEFStruct *TNEF, BYTE *data, DWORD size, MAPIProps *p);
+ void SetFlip(void);

=== added file 'debian/patches/series'
--- debian/patches/series	1970-01-01 00:00:00 +0000
+++ debian/patches/series	2017-05-22 21:45:11 +0000
@@ -0,0 +1,1 @@
+CVE-2017-9058.patch