diff -Nru netsurf-2.8/debian/changelog netsurf-2.8/debian/changelog
--- netsurf-2.8/debian/changelog	2011-09-22 15:34:32.000000000 +0000
+++ netsurf-2.8/debian/changelog	2012-02-16 12:02:30.000000000 +0000
@@ -1,3 +1,10 @@
+netsurf (2.8-2) unstable; urgency=high
+
+  * Fix user settings directory permissions (Closes: #659376) 
+    Fixes: CVE-2012-0844
+
+ -- Vincent Sanders <vince@debian.org>  Thu, 16 Feb 2012 10:59:13 +0000
+
 netsurf (2.8-1) unstable; urgency=low
 
   * New upstream release
diff -Nru netsurf-2.8/debian/patches/fix-directory-create-permissions.patch netsurf-2.8/debian/patches/fix-directory-create-permissions.patch
--- netsurf-2.8/debian/patches/fix-directory-create-permissions.patch	1970-01-01 00:00:00.000000000 +0000
+++ netsurf-2.8/debian/patches/fix-directory-create-permissions.patch	2012-02-16 10:53:39.000000000 +0000
@@ -0,0 +1,36 @@
+--- a/netsurf-2.8/gtk/gui.c
++++ b/netsurf-2.8/gtk/gui.c
+@@ -457,10 +457,12 @@
+ 	snprintf(buf, PATH_MAX, "%s/.netsurf", hdir);
+ 	if (access(buf, F_OK) != 0) {
+ 		LOG(("You don't have a ~/.netsurf - creating one for you."));
+-		if (mkdir(buf, 0777) == -1) {
++		if (mkdir(buf, S_IRWXU) == -1) {
+ 			LOG(("Unable to create %s", buf));
+ 			die("NetSurf requires ~/.netsurf to exist, but it cannot be created.\n");
+ 		}
++	} else {
++		chmod(buf, S_IRWXU);
+ 	}
+ }
+ 
+--- a/netsurf-2.8/utils/container.c
++++ b/netsurf-2.8/utils/container.c
+@@ -437,7 +437,7 @@
+ 		free(themename);
+ 		return NULL;
+ 	}
+-	mkdir(dirname, 00777);
++	mkdir(dirname, S_IRWXU);
+ 
+ 	for (e = container_iterate(cctx, &state), i = 0; i < cctx->entries;
+ 			e = container_iterate(cctx, &state), i++) {
+@@ -533,7 +533,7 @@
+ 		exit(1);
+ 	}
+ 
+-	mkdir(dirname, 00777);
++	mkdir(dirname, S_IRWXU);
+ 
+ 	cctx = container_open(themefile);
+ 	if (cctx == NULL) {
diff -Nru netsurf-2.8/debian/patches/series netsurf-2.8/debian/patches/series
--- netsurf-2.8/debian/patches/series	2011-09-22 13:32:08.000000000 +0000
+++ netsurf-2.8/debian/patches/series	2012-02-16 11:04:22.000000000 +0000
@@ -1,2 +1,3 @@
 disable-libmng.patch
 fix-netsurf-binary-install
+fix-directory-create-permissions.patch