diff -Nru zathura-0.0.8.5/debian/changelog zathura-0.0.8.5/debian/changelog
--- zathura-0.0.8.5/debian/changelog	2011-12-06 21:23:42.000000000 +0000
+++ zathura-0.0.8.5/debian/changelog	2011-12-20 10:43:35.000000000 +0000
@@ -1,8 +1,16 @@
-zathura (0.0.8.5-2build1) precise; urgency=low
+zathura (0.0.8.5-4) unstable; urgency=low
 
-  * Rebuild with libpoppler-glib8.
+  * Enable all hardening flags. Thanks to Simon Ruderich for the patch.
+    (Closes: #652688)
 
- -- James Page <james.page@ubuntu.com>  Tue, 06 Dec 2011 21:23:41 +0000
+ -- Sebastian Ramacher <s.ramacher@gmx.at>  Tue, 20 Dec 2011 11:43:33 +0100
+
+zathura (0.0.8.5-3) unstable; urgency=low
+
+  * debian/patches: add safe-realloc-fix from upstream to fix crash while
+    trying to complete unknown commands.
+
+ -- Sebastian Ramacher <s.ramacher@gmx.at>  Mon, 12 Dec 2011 01:21:19 +0100
 
 zathura (0.0.8.5-2) unstable; urgency=low
 
diff -Nru zathura-0.0.8.5/debian/patches/safe-realloc-fix zathura-0.0.8.5/debian/patches/safe-realloc-fix
--- zathura-0.0.8.5/debian/patches/safe-realloc-fix	1970-01-01 00:00:00.000000000 +0000
+++ zathura-0.0.8.5/debian/patches/safe-realloc-fix	2011-12-12 00:27:05.000000000 +0000
@@ -0,0 +1,48 @@
+Subject: Fix invalid call to safe_realloc in auto completion.
+Origin: http://git.pwmt.org/?p=zathura.git;a=commitdiff;h=747a694f
+Bug: http://bt.pwmt.org/view.php?id=80
+Last-Update: 2011-12-12
+
+diff --git a/zathura.c b/zathura.c
+index 218d7d3..aa736c7 100644
+--- a/zathura.c
++++ b/zathura.c
+@@ -10,6 +10,7 @@
+ #include <unistd.h>
+ #include <libgen.h>
+ #include <math.h>
++#include <assert.h>
+ 
+ #include <poppler/glib/poppler.h>
+ #include <cairo.h>
+@@ -1546,6 +1547,9 @@ safe_realloc(void** ptr, size_t nmemb, size_t size)
+   static const size_t limit = ~((size_t)0u);
+   void* tmp = NULL;
+ 
++  assert(nmemb != 0);
++  assert(size != 0);
++
+   /* Check for overflow. */
+   if(nmemb > limit / size)
+     goto failure;
+@@ -2988,9 +2992,14 @@ isc_completion(Argument* argument)
+         }
+       }
+ 
+-      rows = safe_realloc((void**)&rows, n_items, sizeof(CompletionRow));
+-      if(!rows)
+-        out_of_memory();
++      if (n_items == 0) {
++        free(rows);
++        rows = NULL;
++      } else {
++        rows = safe_realloc((void**)&rows, n_items, sizeof(CompletionRow));
++        if(!rows)
++          out_of_memory();
++      }
+     }
+ 
+     gtk_box_pack_start(Zathura.UI.box, GTK_WIDGET(results), FALSE, FALSE, 0);
+-- 
+1.7.7.3
+
diff -Nru zathura-0.0.8.5/debian/patches/series zathura-0.0.8.5/debian/patches/series
--- zathura-0.0.8.5/debian/patches/series	2011-11-10 12:18:59.000000000 +0000
+++ zathura-0.0.8.5/debian/patches/series	2011-12-12 00:23:05.000000000 +0000
@@ -1 +1,2 @@
 use-sensible-browser-as-default-browser
+safe-realloc-fix
diff -Nru zathura-0.0.8.5/debian/rules zathura-0.0.8.5/debian/rules
--- zathura-0.0.8.5/debian/rules	2011-11-11 08:27:22.000000000 +0000
+++ zathura-0.0.8.5/debian/rules	2011-12-20 10:43:25.000000000 +0000
@@ -1,10 +1,13 @@
 #!/usr/bin/make -f
 # -*- makefile -*-
 
+# Use hardening flags.
+dpkg_buildflags = DEB_BUILD_MAINT_OPTIONS="hardening=+all" dpkg-buildflags
+
 # zathura's build system does not support CPPFLAGS yet
-export CFLAGS=$(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS)
+export CFLAGS=$(shell $(dpkg_buildflags) --get CPPFLAGS) $(shell $(dpkg_buildflags) --get CFLAGS)
 # remove unused libraries to reduce dependencies
-export LDFLAGS=-Wl,--as-needed $(shell dpkg-buildflags --get LDFLAGS)
+export LDFLAGS=-Wl,--as-needed $(shell $(dpkg_buildflags) --get LDFLAGS)
 # do not strip
 export SFLAGS=
 # build with verbose output