diff -Nru icoutils-0.29.1/debian/changelog icoutils-0.29.1/debian/changelog
--- icoutils-0.29.1/debian/changelog 2017-01-20 19:18:31.000000000 +0000
+++ icoutils-0.29.1/debian/changelog 2017-03-09 19:23:35.000000000 +0000
@@ -1,3 +1,19 @@
+icoutils (0.29.1-2ubuntu0.2) precise-security; urgency=medium
+
+ * SECURITY UPDATE: buffer overflow in decode_ne_resource_id
+ - debian/patches/CVE-2017-6009.patch: use unsigned char in
+ wrestool/restable.c.
+ - CVE-2017-6009
+ * SECURITY UPDATE: buffer overflow and out-of-bounds read
+ - debian/patches/CVE-2017-601x-1.patch: check width of bitmaps in
+ icotool/extract.c.
+ - debian/patches/CVE-2017-601x-2.patch: fix type aliasing in
+ icotool/extract.c.
+ - CVE-2017-6010
+ - CVE-2017-6011
+
+ -- Marc Deslauriers Thu, 09 Mar 2017 14:20:24 -0500
+
 icoutils (0.29.1-2ubuntu0.1) precise-security; urgency=medium * SECURITY UPDATE: integer overflow vulnerability in the wrestool utility
diff -Nru icoutils-0.29.1/debian/patches/CVE-2017-6009.patch icoutils-0.29.1/debian/patches/CVE-2017-6009.patch
--- icoutils-0.29.1/debian/patches/CVE-2017-6009.patch 1970-01-01 00:00:00.000000000 +0000
+++ icoutils-0.29.1/debian/patches/CVE-2017-6009.patch 2017-03-09 19:19:42.000000000 +0000
@@ -0,0 +1,26 @@
+From f148ae5af1c9eeb85610a5653a7f625dd6c3ac2e Mon Sep 17 00:00:00 2001
+From: Martin Gieseking
+Date: Mon, 6 Mar 2017 20:51:45 +0100
+Subject: Fix buffer out-of-bounds access found by Jerzy Kramarz
+ .
+
+---
+ wrestool/restable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/wrestool/restable.c b/wrestool/restable.c
+index 20b393c..0a97914 100644
+--- a/wrestool/restable.c
++++ b/wrestool/restable.c
+@@ -223,7 +223,7 @@ decode_ne_resource_id (WinLibrary *fi, WinResource *wr, uint16_t value)
+ /* translate id into a string */
+ snprintf(wr->id, WINRES_ID_MAXLEN, "%d", value & ~NE_RESOURCE_NAME_IS_NUMERIC);
+ } else { /* ASCII string id */
+- int len;
++ unsigned char len;
+ char *mem = (char *) NE_HEADER(fi->memory)
+ + NE_HEADER(fi->memory)->rsrctab
+ + value;
+--
+cgit v1.0-41-gc330
+
diff -Nru icoutils-0.29.1/debian/patches/CVE-2017-601x-1.patch icoutils-0.29.1/debian/patches/CVE-2017-601x-1.patch
--- icoutils-0.29.1/debian/patches/CVE-2017-601x-1.patch 1970-01-01 00:00:00.000000000 +0000
+++ icoutils-0.29.1/debian/patches/CVE-2017-601x-1.patch 2017-03-09 19:19:47.000000000 +0000
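Review bot: In debian/patches/CVE-2017-6009.patch, the new `unsigned char len;` in decode_ne_resource_id carries the whole fix, yet nothing on the line says why the narrow type matters. The assignment and the copy that use `len` lie outside the hunk, so it is presumably the length byte read through the `char *mem` pointer that could come out negative with `int len`. A comment such as `/* length prefix is one unsigned byte; a signed type turns bytes >= 0x80 into a negative length */` would keep a later cleanup from widening it again. It is also worth confirming, in the part of the function not shown, that `wr->id` can hold 255 bytes plus the terminator, since that is now the largest length the copy can see.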
@@ -0,0 +1,27 @@
+From bf97b99109607d4367a4e57df9a37cbcac02e220 Mon Sep 17 00:00:00 2001
+From: Martin Gieseking
+Date: Mon, 6 Mar 2017 22:11:20 +0100
+Subject: Sanity check width of icon bitmaps
+
+---
+ icotool/extract.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/icotool/extract.c b/icotool/extract.c
+index 97df9a7..a740def 100644
+--- a/icotool/extract.c
++++ b/icotool/extract.c
+@@ -234,6 +234,10 @@ extract_icons(FILE *in, char *inname, bool listmode, ExtractNameGen outfile_gen,
+ goto done;
+ offset += sizeof(Win32RGBQuad) * palette_count;
+ }
++ if (abs(bitmap.width) > INT32_MAX/max(4, bitmap.bit_count)) {
++ warn(_("bitmap width too large"));
++ goto done;
++ }
+
+ width = bitmap.width;
+ height = abs(bitmap.height)/2;
+--
+cgit v1.0-41-gc330
+
diff -Nru icoutils-0.29.1/debian/patches/CVE-2017-601x-2.patch icoutils-0.29.1/debian/patches/CVE-2017-601x-2.patch
--- icoutils-0.29.1/debian/patches/CVE-2017-601x-2.patch 1970-01-01 00:00:00.000000000 +0000
+++ icoutils-0.29.1/debian/patches/CVE-2017-601x-2.patch 2017-03-09 19:19:51.000000000 +0000
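Review bot: The added guard `abs(bitmap.width) > INT32_MAX/max(4, bitmap.bit_count)` in extract_icons calls abs() on a value taken from the icon file, and abs() is undefined for the most negative int, so a width of INT32_MIN is not reliably rejected (this assumes `bitmap.width` is a signed 32-bit field, which the hunk does not show). A negative width that passes the check is also assigned unchanged by `width = bitmap.width;` on the context line below. If negative widths are not meant to be supported, testing the sign first avoids both problems: `if (bitmap.width <= 0 || bitmap.width > INT32_MAX/max(4, bitmap.bit_count)) {`. The same abs() concern applies to `abs(bitmap.height)/2`, which this patch leaves unchecked; extract_icons starts and ends outside the hunk.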
@@ -0,0 +1,49 @@
+From 45a0207225df4cd4b82f41eee636e21f11a7db74 Mon Sep 17 00:00:00 2001
+From: Martin Gieseking
+Date: Mon, 6 Mar 2017 22:12:27 +0100
+Subject: Fix type aliasing in extract_icons()
+
+---
+ icotool/extract.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/icotool/extract.c b/icotool/extract.c
+index a740def..ad06723 100644
+--- a/icotool/extract.c
++++ b/icotool/extract.c
+@@ -138,7 +138,8 @@ extract_icons(FILE *in, char *inname, bool listmode, ExtractNameGen outfile_gen,
+ Win32RGBQuad *palette = NULL;
+ uint32_t palette_count = 0;
+ uint32_t image_size, mask_size;
+- uint32_t width, height, bit_count;
++ int32_t width, height;
++ uint32_t bit_count;
+ uint8_t *image_data = NULL, *mask_data = NULL;
+ png_structp png_ptr = NULL;
+ png_infop info_ptr = NULL;
+@@ -154,16 +155,19 @@ extract_icons(FILE *in, char *inname, bool listmode, ExtractNameGen outfile_gen,
+ /* Vista icon: it's just a raw PNG */
+ if (bitmap.size == ICO_PNG_MAGIC)
+ {
++ uint32_t unsigned_width, unsigned_height;
+ fseek(in, offset, SEEK_SET);
+
+ image_size = entries[c].dib_size;
+ image_data = xmalloc(image_size);
+ if (!xfread(image_data, image_size, in))
+ goto done;
+-
+- if (!read_png (image_data, image_size, &bit_count, &width, &height))
++
++ if (!read_png (image_data, image_size, &bit_count, &unsigned_width, &unsigned_height))
+ goto done;
+-
++
++ width = (int32_t)unsigned_width;
++ height = (int32_t)unsigned_height;
+ completed++;
+
+ if (!filter(completed, width, height, bitmap.bit_count, palette_count, dir.type == 1,
+--
+cgit v1.0-41-gc330
+
diff -Nru icoutils-0.29.1/debian/patches/series icoutils-0.29.1/debian/patches/series
--- icoutils-0.29.1/debian/patches/series 2017-01-20 19:13:51.000000000 +0000
+++ icoutils-0.29.1/debian/patches/series 2017-03-09 19:19:51.000000000 +0000
@@ -3,3 +3,6 @@
 CVE-2017-5332-1.patch CVE-2017-5332-2-and-CVE-2017-5333.patch
+CVE-2017-6009.patch
+CVE-2017-601x-1.patch
+CVE-2017-601x-2.patch
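Review bot: The casts `width = (int32_t)unsigned_width;` and `height = (int32_t)unsigned_height;` in the PNG branch of extract_icons convert the values filled in by read_png() without a range check, so a dimension above INT32_MAX would become a negative width or height that is then passed to filter(). read_png() is not visible here and may already bound the values. If it does not, add `if (unsigned_width > INT32_MAX || unsigned_height > INT32_MAX) goto done;` before the casts, ideally with a warn() like the one in the bitmap width check. The function body continues outside both inner hunks of this patch.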