diff -Nru android-platform-system-core-7.0.0+r33/debian/changelog android-platform-system-core-7.0.0+r33/debian/changelog
--- android-platform-system-core-7.0.0+r33/debian/changelog 2017-04-30 04:26:16.000000000 +0000
+++ android-platform-system-core-7.0.0+r33/debian/changelog 2017-07-05 13:55:06.000000000 +0000
@@ -1,10 +1,8 @@
-android-platform-system-core (1:7.0.0+r33-1ubuntu1) artful; urgency=medium
+android-platform-system-core (1:7.0.0+r33-2) unstable; urgency=medium
- * Don't install transitional packages for adb and fastboot
- until we decide whether we want to drop the versions provided
- in the android-tools package
+ * fix CVE-2017-0647 (Closes: #867229)
- -- Jeremy Bicha Sun, 30 Apr 2017 00:26:16 -0400
+ -- Hans-Christoph Steiner Wed, 05 Jul 2017 15:55:06 +0200
 android-platform-system-core (1:7.0.0+r33-1) unstable; urgency=medium
diff -Nru android-platform-system-core-7.0.0+r33/debian/control android-platform-system-core-7.0.0+r33/debian/control
--- android-platform-system-core-7.0.0+r33/debian/control 2017-04-30 04:26:16.000000000 +0000
+++ android-platform-system-core-7.0.0+r33/debian/control 2017-04-25 19:46:58.000000000 +0000
@@ -1,8 +1,7 @@
 Source: android-platform-system-core
 Section: devel
 Priority: optional
-Maintainer: Ubuntu Developers
-XSBC-Original-Maintainer: Android Tools Maintainers
+Maintainer: Android Tools Maintainers
 Uploaders: Hans-Christoph Steiner ,
 Kai-Chung Yan ,
 Chirayu Desai
@@ -274,18 +273,18 @@
 Description: Android sparse image tool
 A command line tool to append data to the end of a sparse image.
-#Package: android-tools-adb
-#Depends: adb, ${misc:Depends}
-#Architecture: all
-#Priority: extra
-#Section: oldlibs
-#Description: transitional package
-# This is a transitional package. It can safely be removed.
-
-#Package: android-tools-fastboot
-#Depends: fastboot, ${misc:Depends}
-#Architecture: all
-#Priority: extra
-#Section: oldlibs
-#Description: transitional package
-# This is a transitional package. It can safely be removed.
+Package: android-tools-adb
+Depends: adb, ${misc:Depends}
+Architecture: all
+Priority: extra
+Section: oldlibs
+Description: transitional package
+ This is a transitional package. It can safely be removed.
+
+Package: android-tools-fastboot
+Depends: fastboot, ${misc:Depends}
+Architecture: all
+Priority: extra
+Section: oldlibs
+Description: transitional package
+ This is a transitional package. It can safely be removed.
diff -Nru android-platform-system-core-7.0.0+r33/debian/patches/fix-CVE-2017-0647.patch android-platform-system-core-7.0.0+r33/debian/patches/fix-CVE-2017-0647.patch
--- android-platform-system-core-7.0.0+r33/debian/patches/fix-CVE-2017-0647.patch 1970-01-01 00:00:00.000000000 +0000
+++ android-platform-system-core-7.0.0+r33/debian/patches/fix-CVE-2017-0647.patch 2017-07-05 13:55:06.000000000 +0000
@@ -0,0 +1,43 @@
+Forwarded: not-needed
+Description: fix CVE-2017-0647
+
+https://android-review.googlesource.com/#/c/427603/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0647
+https://android.googlesource.com/platform/system/core/+/3d6a43155c702bce0e7e2a93a67247b5ce3946a5%5E%21
+
+Fix out of bound read in libziparchive
+
+We should check the boundary of central directory before checking its
+signature. Swap the order of these two checks.
+
+Test: libziparchive doesn't read the signature after boundary check fails.
+
+--- a/libziparchive/zip_archive.cc
++++ b/libziparchive/zip_archive.cc
+@@ -386,6 +386,14 @@
+ const uint8_t* const cd_end = cd_ptr + cd_length;
+ const uint8_t* ptr = cd_ptr;
+ for (uint16_t i = 0; i < num_entries; i++) {
++ if (ptr > cd_end - sizeof(CentralDirectoryRecord)) {
++ ALOGW("Zip: ran off the end (at %" PRIu16 ")", i);
++#if defined(__ANDROID__)
++ android_errorWriteLog(0x534e4554, "36392138");
++#endif
++ return -1;
++ }
++
+ const CentralDirectoryRecord* cdr =
+ reinterpret_cast(ptr);
+ if (cdr->record_signature != CentralDirectoryRecord::kSignature) {
+@@ -393,11 +401,6 @@
+ return -1;
+ }
+
+- if (ptr + sizeof(CentralDirectoryRecord) > cd_end) {
+- ALOGW("Zip: ran off the end (at %" PRIu16 ")", i);
+- return -1;
+- }
+-
+ const off64_t local_header_offset = cdr->local_file_header_offset;
+ if (local_header_offset >= archive->directory_offset) {
+ ALOGW("Zip: bad LFH offset %" PRId64 " at entry %" PRIu16,
diff -Nru android-platform-system-core-7.0.0+r33/debian/patches/series android-platform-system-core-7.0.0+r33/debian/patches/series
--- android-platform-system-core-7.0.0+r33/debian/patches/series 2017-04-30 04:26:16.000000000 +0000
+++ android-platform-system-core-7.0.0+r33/debian/patches/series 2017-07-05 13:53:22.000000000 +0000
@@ -6,3 +6,4 @@
 adb_libssl_11.diff
 adb_libssl_bc.diff
 move-log-file-to-proper-dir.patch
+fix-CVE-2017-0647.patch
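Review bot: The relocated bounds check at the top of the loop, `if (ptr > cd_end - sizeof(CentralDirectoryRecord))`, forms a pointer below `cd_ptr` whenever `cd_length` is smaller than one record, which is undefined pointer arithmetic even if it happens to compare as intended on common targets. Comparing sizes instead avoids relying on that: `if (ptr > cd_end || static_cast<size_t>(cd_end - ptr) < sizeof(CentralDirectoryRecord)) {`. The check also covers only the fixed-size record; whether the file name, extra field and comment that follow it are bounded against `cd_end` before being read is decided outside this hunk, since the loop body continues past the last context line, and is worth confirming. On the packaging side, the patch header would be easier to audit with an `Origin: upstream` field carrying the googlesource commit URL instead of bare URLs in the description.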