diff -u mesa-8.0.4/debian/changelog mesa-8.0.4/debian/changelog
--- mesa-8.0.4/debian/changelog
+++ mesa-8.0.4/debian/changelog
@@ -1,3 +1,13 @@
+mesa (8.0.4-0ubuntu0.2) precise-security; urgency=low
+
+  [ Steve Beattie ]
+  * SECURITY UPDATE: samplers array overflow (LP: #1046933)
+    - debian/patches/50-CVE-2012-2864.patch: ensure that more than
+      MAX_SAMPLERS are not used
+    - CVE-2012-2864
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 19 Oct 2012 09:04:04 -0400
+
 mesa (8.0.4-0ubuntu0.1) precise-proposed; urgency=low
 
   * New upstream stable release. (LP: #1019444)
diff -u mesa-8.0.4/debian/patches/series mesa-8.0.4/debian/patches/series
--- mesa-8.0.4/debian/patches/series
+++ mesa-8.0.4/debian/patches/series
@@ -17,0 +18 @@
+50-CVE-2012-2864.patch
only in patch2:
unchanged:
--- mesa-8.0.4.orig/debian/patches/50-CVE-2012-2864.patch
+++ mesa-8.0.4/debian/patches/50-CVE-2012-2864.patch
@@ -0,0 +1,33 @@
+Origin: http://cgit.freedesktop.org/mesa/mesa/commit/src/glsl/link_uniforms.cpp?id=ff996cafce511dd8a6c4e066e409c23e147a670c
+From ff996cafce511dd8a6c4e066e409c23e147a670c Mon Sep 17 00:00:00 2001
+From: Stéphane Marchesin <marcheu@chromium.org>
+Date: Wed, 15 Aug 2012 00:15:54 +0000
+Subject: glsl/linker: Avoid buffer over-run in parcel_out_uniform_storage::visit_field
+
+When too may uniforms are used, the error will be caught in
+check_resources (src/glsl/linker.cpp).
+
+NOTE: This is a candidate for the 8.0 branch.
+
+Signed-off-by: Stéphane Marchesin <marcheu@chromium.org>
+Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
+Tested-by: Benoit Jacob <bjacob@mozilla.com>
+
+CVE-2012-2864
+
+---
+(limited to 'src/glsl/link_uniforms.cpp')
+
+Index: mesa-8.0.4/src/glsl/link_uniforms.cpp
+===================================================================
+--- mesa-8.0.4.orig/src/glsl/link_uniforms.cpp	2012-10-19 09:02:52.998649667 -0400
++++ mesa-8.0.4/src/glsl/link_uniforms.cpp	2012-10-19 09:03:55.490649071 -0400
+@@ -275,7 +275,7 @@
+ 	 const gl_texture_index target = base_type->sampler_index();
+ 	 const unsigned shadow = base_type->sampler_shadow;
+ 	 for (unsigned i = this->uniforms[id].sampler
+-		 ; i < this->next_sampler
++		 ; i < MIN2(this->next_sampler, MAX_SAMPLERS)
+ 		 ; i++) {
+ 	    this->targets[i] = target;
+ 	    this->shader_samplers_used |= 1U << i;