diff -Nru game-music-emu-0.5.5/debian/changelog game-music-emu-0.5.5/debian/changelog
--- game-music-emu-0.5.5/debian/changelog 2010-03-22 13:32:36.000000000 +0000
+++ game-music-emu-0.5.5/debian/changelog 2016-12-14 05:56:39.000000000 +0000
@@ -1,3 +1,12 @@
+game-music-emu (0.5.5-2ubuntu0.14.04.1) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: code execution via missing register value clamps
+ - debian/patches/missing_register_value_clamp.patch: clamp values to
+ uint8_t in gme/Spc_Cpu.cpp.
+ - No CVE number
+
+ -- Tyler Hicks Wed, 14 Dec 2016 05:55:59 +0000
+
 game-music-emu (0.5.5-2) unstable; urgency=low
 
 * debian/control,
diff -Nru game-music-emu-0.5.5/debian/control game-music-emu-0.5.5/debian/control
--- game-music-emu-0.5.5/debian/control 2010-03-22 13:34:42.000000000 +0000
+++ game-music-emu-0.5.5/debian/control 2016-12-14 02:12:23.000000000 +0000
@@ -1,7 +1,8 @@ Source: game-music-emu Section: sound Priority: optional -Maintainer: Sebastian Dröge +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Sebastian Dröge Build-Depends: debhelper (>= 7), cmake (>= 2.6.0) Standards-Version: 3.8.4
diff -Nru game-music-emu-0.5.5/debian/patches/missing_register_value_clamp.patch game-music-emu-0.5.5/debian/patches/missing_register_value_clamp.patch
--- game-music-emu-0.5.5/debian/patches/missing_register_value_clamp.patch 1970-01-01 00:00:00.000000000 +0000
+++ game-music-emu-0.5.5/debian/patches/missing_register_value_clamp.patch 2016-12-14 05:32:40.000000000 +0000
@@ -0,0 +1,45 @@
+Description: fix code execution via missing register value clamps
+Author: Chris Evans
+Origin: backport
+
+Index: game-music-emu-0.5.5/gme/Spc_Cpu.cpp
+===================================================================
+--- game-music-emu-0.5.5.orig/gme/Spc_Cpu.cpp
++++ game-music-emu-0.5.5/gme/Spc_Cpu.cpp
+@@ -104,8 +104,8 @@ spc_time_t Spc_Cpu::run( spc_time_t cycl
+ #define PUSH( v ) (*--sp = uint8_t (v))
+ #define PUSH16( v ) (sp -= 2, SET_LE16( sp, v ))
+ #define POP() (*sp++)
+- #define SET_SP( v ) (sp = ram + 0x101 + (v))
+- #define GET_SP() (sp - 0x101 - ram)
++ #define SET_SP( v ) (sp = ram + 0x101 + ((uint8_t) v))
++ #define GET_SP() (uint8_t) (sp - 0x101 - ram)
+
+ uint8_t* sp;
+ SET_SP( r.sp );
+@@ -367,7 +367,7 @@ loop:
+
+ case 0xAF: // MOV (X)+,A
+ WRITE_DP( x, a );
+- x++;
++ x = (uint8_t) (x + 1);
+ goto loop;
+
+ // 5. 8-BIT LOGIC OPERATION COMMANDS
+@@ -697,7 +697,7 @@ loop:
+ unsigned temp = y * a;
+ a = (uint8_t) temp;
+ nz = ((temp >> 1) | temp) & 0x7F;
+- y = temp >> 8;
++ y = (uint8_t) (temp >> 8);
+ nz |= y;
+ goto loop;
+ }
+@@ -728,6 +728,7 @@ loop:
+
+ nz = (uint8_t) a;
+ a = (uint8_t) a;
++ y = (uint8_t) y;
+
+ goto loop;
+ }
diff -Nru game-music-emu-0.5.5/debian/patches/series game-music-emu-0.5.5/debian/patches/series
--- game-music-emu-0.5.5/debian/patches/series 2010-03-22 13:31:32.000000000 +0000
+++ game-music-emu-0.5.5/debian/patches/series 2016-12-13 23:34:07.000000000 +0000
@@ -1 +1,2 @@
 01_symbol-exports.patch
+missing_register_value_clamp.patch
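Review bot: In the first gme/Spc_Cpu.cpp hunk carried by debian/patches/missing_register_value_clamp.patch, the new `SET_SP` casts its argument without parenthesizing it (`(uint8_t) v`), whereas the line it replaces used `(v)`. A cast binds tighter than any binary operator, so an expression argument would have only its first operand truncated and the clamp this patch exists to add would not hold; `#define SET_SP( v ) (sp = ram + 0x101 + (uint8_t) (v))` keeps it robust. The new `GET_SP()` likewise drops the outer parentheses and is safer as `#define GET_SP() ((uint8_t) (sp - 0x101 - ram))`. Spc_Cpu::run starts and ends outside these hunks, so whether every other write to x, y and the stack pointer is clamped cannot be confirmed from the lines shown and is worth checking against the full file.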