diff -u coreutils-8.13/debian/changelog coreutils-8.13/debian/changelog
--- coreutils-8.13/debian/changelog
+++ coreutils-8.13/debian/changelog
@@ -1,3 +1,13 @@
+coreutils (8.13-3ubuntu3.3) precise-security; urgency=medium
+
+  * SECURITY UPDATE: infinite loop or crash in TZ environment variable
+    handling.
+    - debian/patches/CVE-2014-9471.dpatch: modify lib/parse-datetime.y and
+      tests/misc/date to avoid crashing with malformed TZ
+    - CVE-2014-9471
+
+ -- Seth Arnold <seth.arnold@canonical.com>  Tue, 13 Jan 2015 19:31:30 -0800
+
 coreutils (8.13-3ubuntu3.2) precise-proposed; urgency=low
 
   * Backport upstream patch to avoid data-corrupting free-memory-read in
diff -u coreutils-8.13/debian/patches/00list coreutils-8.13/debian/patches/00list
--- coreutils-8.13/debian/patches/00list
+++ coreutils-8.13/debian/patches/00list
@@ -13,0 +14 @@
+CVE-2014-9471
only in patch2:
unchanged:
--- coreutils-8.13.orig/debian/patches/CVE-2014-9471.dpatch
+++ coreutils-8.13/debian/patches/CVE-2014-9471.dpatch
@@ -0,0 +1,54 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2014-9471.dpatch by Seth Arnold <seth.arnold@canonical.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Origin: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872
+## DP: Origin: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872
+## DP: Combined from previous two URLs, dropping NEWS entries
+## DP: Description: parse-datetime: fix crash or infloop in TZ="" parsing
+## DP: Author: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
+
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' coreutils-8.13~/lib/parse-datetime.y coreutils-8.13/lib/parse-datetime.y
+--- coreutils-8.13~/lib/parse-datetime.y	2011-08-31 09:58:04.000000000 -0700
++++ coreutils-8.13/lib/parse-datetime.y	2015-01-09 17:30:06.916967256 -0800
+@@ -1295,8 +1295,6 @@
+             char tz1buf[TZBUFSIZE];
+             bool large_tz = TZBUFSIZE < tzsize;
+             bool setenv_ok;
+-            /* Free tz0, in case this is the 2nd or subsequent time through. */
+-            free (tz0);
+             tz0 = get_tz (tz0buf);
+             z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
+             for (s = tzbase; *s != '"'; s++)
+@@ -1308,7 +1306,12 @@
+             if (!setenv_ok)
+               goto fail;
+             tz_was_altered = true;
++
+             p = s + 1;
++            while (c = *p, c_isspace (c))
++              p++;
++
++            break;
+           }
+     }
+ 
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' coreutils-8.13~/tests/misc/date coreutils-8.13/tests/misc/date
+--- coreutils-8.13~/tests/misc/date	2011-08-31 11:00:55.000000000 -0700
++++ coreutils-8.13/tests/misc/date	2015-01-09 17:29:42.308966886 -0800
+@@ -282,6 +282,13 @@
+       # most others print  'WED DEC  8 07:30:00 1999'.
+       {OUT_SUBST => 's/ [ 0]8.*//'},
+       {OUT=>'WED DEC'}],
++
++     # From coreutils-5.3.0 to 8.22 inclusive
++     # this would either infinite loop or crash
++     ['invalid-TZ-crash', "-d 'TZ=\"\"\"'",
++      {ERR => "date: invalid date `TZ=\"\"\"'\n"},
++      {EXIT => 1},
++     ],
+     );
+ 
+ # Repeat the cross-dst test, using Jan 1, 2005 and every interval from 1..364.