diff -Nru jasper-1.900.1/debian/changelog jasper-1.900.1/debian/changelog
--- jasper-1.900.1/debian/changelog 2011-12-19 14:39:55.000000000 +0000
+++ jasper-1.900.1/debian/changelog 2012-01-04 18:15:49.000000000 +0000
@@ -1,13 +1,10 @@
-jasper (1.900.1-12ubuntu1) precise; urgency=low
+jasper (1.900.1-13) unstable; urgency=high
- * SECURITY UPDATE: denial of service and possible code execution via
- heap-based buffer overflows.
- - debian/patches/03-CVE-2011-451x.patch: validate compparms->numrlvls
- and allocate proper size in src/libjasper/jpc/jpc_cs.c.
- - CVE-2011-4516
- - CVE-2011-4517
+ * Fix CVE-2011-4516 and CVE-2011-4517: Two buffer overflow issues possibly
+ exploitable via specially crafted input files (Closes: #652649)
+ Thanks to Red Hat and Michael Gilbert
- -- Marc Deslauriers Mon, 19 Dec 2011 09:36:08 -0500
+ -- Roland Stigge Wed, 04 Jan 2012 19:14:40 +0100
 jasper (1.900.1-12) unstable; urgency=low
diff -Nru jasper-1.900.1/debian/control jasper-1.900.1/debian/control
--- jasper-1.900.1/debian/control 2011-12-19 15:30:22.000000000 +0000
+++ jasper-1.900.1/debian/control 2011-11-02 16:13:09.000000000 +0000
@@ -1,8 +1,7 @@
 Source: jasper
 Priority: optional
 Section: graphics
-Maintainer: Ubuntu Developers
-XSBC-Original-Maintainer: Roland Stigge
+Maintainer: Roland Stigge
 Build-Depends: debhelper (>= 8.1.3~), freeglut3-dev, libjpeg8-dev, libxi-dev, libxmu-dev, libxt-dev, autotools-dev
 Standards-Version: 3.9.2
diff -Nru jasper-1.900.1/debian/patches/03-CVE-2011-4516-and-CVE-2011-4517.patch jasper-1.900.1/debian/patches/03-CVE-2011-4516-and-CVE-2011-4517.patch
--- jasper-1.900.1/debian/patches/03-CVE-2011-4516-and-CVE-2011-4517.patch 1970-01-01 00:00:00.000000000 +0000
+++ jasper-1.900.1/debian/patches/03-CVE-2011-4516-and-CVE-2011-4517.patch 2012-01-04 18:19:10.000000000 +0000
@@ -0,0 +1,31 @@
+Description: Fix for CVE-2011-4516 and CVE-2011-4517
+ This patch fixes a possible denial of service and code execution via
+ heap-based buffer overflows.
+Author: Michael Gilbert
+Origin: Patch thanks to Red Hat
+Bug-Debian: http://bugs.debian.org/652649
+
+Index: jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
+===================================================================
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:34.186909298 -0500
++++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:51.198909832 -0500
+@@ -744,6 +744,10 @@
+ return -1;
+ }
+ compparms->numrlvls = compparms->numdlvls + 1;
++ if (compparms->numrlvls > JPC_MAXRLVLS) {
++ jpc_cox_destroycompparms(compparms);
++ return -1;
++ }
+ if (prtflag) {
+ for (i = 0; i < compparms->numrlvls; ++i) {
+ if (jpc_getuint8(in, &tmp)) {
+@@ -1331,7 +1335,7 @@
+ jpc_crgcomp_t *comp;
+ uint_fast16_t compno;
+ crg->numcomps = cstate->numcomps;
+- if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
++ if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
+ return -1;
+ }
+ for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
diff -Nru jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch
--- jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch 2011-12-19 14:39:44.000000000 +0000
+++ jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch 1970-01-01 00:00:00.000000000 +0000
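Review bot: In the jpc_cs.c hunk at -1331 carried by 03-CVE-2011-4516-and-CVE-2011-4517.patch, the corrected allocation still spells the element type by hand (`sizeof(jpc_crgcomp_t)`), the same pattern that let the size drift away from the type of `crg->comps` before the fix; `jas_alloc2(cstate->numcomps, sizeof(*crg->comps))` keeps the size tied to the pointer's declared type. The `numrlvls > JPC_MAXRLVLS` guard in the -744 hunk sits before the `prtflag` loop, so it bounds the loop visible here, but nothing records why the limit matters. Since `numdlvls` is presumably read from the input stream, a one-line comment such as `/* numrlvls is input-derived; reject it before it is used as a loop bound */` would help the next maintainer. Both enclosing functions start and end outside these hunks, so the cleanup on their later error paths cannot be checked from this page.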
@@ -1,28 +0,0 @@
-Description: fix denial of service and possible code execution via
- heap-based buffer overflows.
-Origin: Patch thanks to Red Hat
-
-Index: jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
-===================================================================
---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:34.186909298 -0500
-+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:51.198909832 -0500
-@@ -744,6 +744,10 @@
- return -1;
- }
- compparms->numrlvls = compparms->numdlvls + 1;
-+ if (compparms->numrlvls > JPC_MAXRLVLS) {
-+ jpc_cox_destroycompparms(compparms);
-+ return -1;
-+ }
- if (prtflag) {
- for (i = 0; i < compparms->numrlvls; ++i) {
- if (jpc_getuint8(in, &tmp)) {
-@@ -1331,7 +1335,7 @@
- jpc_crgcomp_t *comp;
- uint_fast16_t compno;
- crg->numcomps = cstate->numcomps;
-- if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
-+ if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
- return -1;
- }
- for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
diff -Nru jasper-1.900.1/debian/patches/series jasper-1.900.1/debian/patches/series
--- jasper-1.900.1/debian/patches/series 2011-12-19 14:35:07.000000000 +0000
+++ jasper-1.900.1/debian/patches/series 2012-01-04 18:13:48.000000000 +0000
@@ -1,3 +1,3 @@
 01-misc-fixes.patch
 02-fix-filename-buffer-overflow.patch
-03-CVE-2011-451x.patch
+03-CVE-2011-4516-and-CVE-2011-4517.patch