diff -Nru pdns-3.3.1/debian/changelog pdns-3.3.1/debian/changelog
--- pdns-3.3.1/debian/changelog	2014-07-07 19:54:24.000000000 +0000
+++ pdns-3.3.1/debian/changelog	2015-04-30 18:46:15.000000000 +0000
@@ -1,8 +1,16 @@
-pdns (3.3.1-4~ubuntu14.04.1) trusty-backports; urgency=medium
+pdns (3.3.1-4ubuntu0.1~ubuntu14.04.1) trusty-backports; urgency=medium
 
   * No-change backport to trusty (LP: #1338153)
 
- -- Felix Geyer <debfx@ubuntu.com>  Mon, 07 Jul 2014 21:54:24 +0200
+ -- Felix Geyer <debfx@ubuntu.com>  Thu, 30 Apr 2015 20:46:15 +0200
+
+pdns (3.3.1-4ubuntu0.1) utopic-security; urgency=medium
+
+  * SECURITY UPDATE: label decompression bug (LP: #1450037)
+    - debian/patches/CVE-2015-1868: apply upstream fix
+    - CVE-2015-1868
+
+ -- Felix Geyer <debfx@ubuntu.com>  Wed, 29 Apr 2015 16:21:06 +0200
 
 pdns (3.3.1-4) unstable; urgency=medium
 
diff -Nru pdns-3.3.1/debian/control pdns-3.3.1/debian/control
--- pdns-3.3.1/debian/control	2014-06-09 18:57:50.000000000 +0000
+++ pdns-3.3.1/debian/control	2015-04-30 16:34:17.000000000 +0000
@@ -2,7 +2,8 @@
 Section: net
 Priority: extra
 Standards-Version: 3.9.5
-Maintainer: Debian PowerDNS Maintainers <pkg-pdns-maintainers@lists.alioth.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian PowerDNS Maintainers <pkg-pdns-maintainers@lists.alioth.debian.org>
 Uploaders: Matthijs Möhlmann <matthijs@cacholong.nl>, Marc Haber <mh+debian-packages@zugschlus.de>, Christian Hofstaedtler <zeha@debian.org>
 Build-Depends: debhelper (>= 9~), dh-autoreconf, po-debconf, libtool, flex, bison, libmysqlclient-dev, libpq-dev, libssl-dev, libpolarssl-dev, libgdbm-dev, libldap2-dev, libsqlite3-dev, dpkg-dev (>= 1.10.17), libboost-dev, libboost-serialization-dev, libboost-program-options-dev, libboost-test-dev, autotools-dev, automake, autoconf, liblua5.1-0-dev, pkg-config, libcrypto++-dev, ragel, libgmp-dev, libbotan1.10-dev
 Vcs-Git: git://git.debian.org/pkg-pdns/pdns.git
diff -Nru pdns-3.3.1/debian/patches/CVE-2015-1868 pdns-3.3.1/debian/patches/CVE-2015-1868
--- pdns-3.3.1/debian/patches/CVE-2015-1868	1970-01-01 00:00:00.000000000 +0000
+++ pdns-3.3.1/debian/patches/CVE-2015-1868	2015-04-30 16:33:40.000000000 +0000
@@ -0,0 +1,28 @@
+Description: PowerDNS Security Advisory 2015-01: Label decompression bug can cause crashes on specific platforms
+Origin: https://downloads.powerdns.com/patches/2015-01/others.patch
+
+diff --git a/pdns/dnsparser.cc b/pdns/dnsparser.cc
+index 595a4af..b89d840 100644
+--- a/pdns/dnsparser.cc
++++ b/pdns/dnsparser.cc
+@@ -455,9 +455,10 @@ string PacketReader::getText(bool multi)
+ 
+ void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t& frompos, string& ret, int recurs) 
+ {
+-  if(recurs > 1000) // the forward reference-check below should make this test 100% obsolete
++  if(recurs > 100) // the forward reference-check below should make this test 100% obsolete
+     throw MOADNSException("Loop");
+ 
++  int pos = frompos;
+   for(;;) {
+     unsigned char labellen=content.at(frompos++);
+ 
+@@ -470,7 +471,7 @@ void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t&
+       uint16_t offset=256*(labellen & ~0xc0) + (unsigned int)content.at(frompos++) - sizeof(dnsheader);
+       //        cout<<"This is an offset, need to go to: "<<offset<<endl;
+ 
+-      if(offset >= frompos-2)
++      if(offset >= pos)
+         throw MOADNSException("forward reference during label decompression");
+       return getLabelFromContent(content, offset, ret, ++recurs);
+     }
diff -Nru pdns-3.3.1/debian/patches/series pdns-3.3.1/debian/patches/series
--- pdns-3.3.1/debian/patches/series	2014-06-09 18:57:50.000000000 +0000
+++ pdns-3.3.1/debian/patches/series	2015-04-30 16:33:40.000000000 +0000
@@ -1 +1,2 @@
 correct-rpath-and-pkglibdir
+CVE-2015-1868