diff -Nru dpkg-1.16.1.2ubuntu7.4/debian/changelog dpkg-1.16.1.2ubuntu7.5/debian/changelog
--- dpkg-1.16.1.2ubuntu7.4/debian/changelog 2014-05-01 12:04:51.000000000 +0000
+++ dpkg-1.16.1.2ubuntu7.5/debian/changelog 2014-06-09 17:00:47.000000000 +0000
@@ -1,3 +1,14 @@
+dpkg (1.16.1.2ubuntu7.5) precise-security; urgency=medium
+
+ * SECURITY UPDATE: arbitrary file modification via dpkg-source
+ - scripts/Dpkg/Source/Patch.pm: Use a better regex for patch header
+ parsing
+ - 5348cbc981a65c3c9b05bb4d13553bda930c2d78
+ - CVE-2014-3864
+ - CVE-2014-3865
+
+ -- Marc Deslauriers Mon, 09 Jun 2014 13:00:47 -0400
+
 dpkg (1.16.1.2ubuntu7.4) precise-security; urgency=medium
 
 * SECURITY UPDATE: directory traversal in dpkg-source
diff -Nru dpkg-1.16.1.2ubuntu7.4/scripts/Dpkg/Source/Patch.pm dpkg-1.16.1.2ubuntu7.5/scripts/Dpkg/Source/Patch.pm
--- dpkg-1.16.1.2ubuntu7.4/scripts/Dpkg/Source/Patch.pm 2014-05-01 12:04:41.000000000 +0000
+++ dpkg-1.16.1.2ubuntu7.5/scripts/Dpkg/Source/Patch.pm 2014-06-09 16:55:51.000000000 +0000
@@ -387,7 +387,7 @@
 while (defined($_) || not eof($self)) {
 my (%path, %fn);
 # skip comments leading up to patch (if any)
-until (/^--- /) {
+until (/^(?:--- |\+\+\+ |@@ -)/) {
 last HUNK if not defined($_ = getline($self));
 }
 $diff_count++;
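Review bot: The comment above the changed `until` in Patch.pm still reads only `# skip comments leading up to patch (if any)`, which no longer explains why the loop also stops on `+++ ` and `@@ -`. The changelog ties this regex to CVE-2014-3864 and CVE-2014-3865, so the intent belongs next to it, for example `# stop at any diff marker, not only "--- ": a header missing its --- line must reach the header check instead of being skipped as comment text`. The change appears to rely on the code after `$diff_count++` rejecting a line that does not start with `--- `. That check, like the rest of the enclosing `while` loop, is outside this hunk, so confirm it raises an error rather than continuing. A regression test that feeds the parser a header without its `---` line would pin the behaviour.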