diff -Nru ldns-1.6.17/debian/changelog ldns-1.6.17/debian/changelog
--- ldns-1.6.17/debian/changelog 2014-06-16 09:40:26.000000000 +0000
+++ ldns-1.6.17/debian/changelog 2014-06-19 07:45:42.000000000 +0000
@@ -1,3 +1,10 @@
+ldns (1.6.17-5) unstable; urgency=medium
+
+ * Add upstream fix for double free for answers bigger than 4096 bytes
+ * Add upstream fix whitespace bug in ldns-read-zone
+
+ -- Ondřej Surý Thu, 19 Jun 2014 09:45:26 +0200
+
 ldns (1.6.17-4) unstable; urgency=high
 
 * [CVE-2014-3209]: fix ldns-keygen writing private DNSKEYs with default
diff -Nru ldns-1.6.17/debian/patches/fix-double-free-for-answers-bigger-than-4096.patch ldns-1.6.17/debian/patches/fix-double-free-for-answers-bigger-than-4096.patch
--- ldns-1.6.17/debian/patches/fix-double-free-for-answers-bigger-than-4096.patch 1970-01-01 00:00:00.000000000 +0000
+++ ldns-1.6.17/debian/patches/fix-double-free-for-answers-bigger-than-4096.patch 2014-06-19 07:45:42.000000000 +0000
@@ -0,0 +1,17 @@
+From 2853eb352b4461e98f2926ace4ea3810cedf4167 Mon Sep 17 00:00:00 2001
+From: Willem Toorop
+Date: Tue, 28 Jan 2014 11:06:38 +0100
+Subject: bugfix #548: Double free for answers > 4096
+
+in ldns_resolver_send_pkt. Thank you sunthought@gmail.com
+---
+--- ldns.orig/resolver.c
++++ ldns/resolver.c
+@@ -1117,6 +1117,7 @@ ldns_resolver_send_pkt(ldns_pkt **answer
+ ldns_pkt_set_edns_udp_size(query_pkt
+ , 4096);
+ ldns_pkt_free(answer_pkt);
++ answer_pkt = NULL;
+ /* Nameservers should not become
+ * unreachable because fragments are
+ * dropped (network error). We might
diff -Nru ldns-1.6.17/debian/patches/fix-whitespace-bug-in-ldns-read-zone.patch ldns-1.6.17/debian/patches/fix-whitespace-bug-in-ldns-read-zone.patch
--- ldns-1.6.17/debian/patches/fix-whitespace-bug-in-ldns-read-zone.patch 1970-01-01 00:00:00.000000000 +0000
+++ ldns-1.6.17/debian/patches/fix-whitespace-bug-in-ldns-read-zone.patch 2014-06-19 07:45:42.000000000 +0000
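Review bot: The added `answer_pkt = NULL;` in the resolver.c hunk of fix-double-free-for-answers-bigger-than-4096.patch carries no comment, and the code that made the stale pointer dangerous lies outside the hunk. The trigger is the size of a DNS answer, which the answering server chooses, so the reason is worth recording next to the line, for example `/* freed above: clear it so the retry and cleanup paths cannot free or return it again */`. ldns_resolver_send_pkt starts and ends outside the hunk; the second free is presumably reached on the retry after the EDNS size is raised to 4096, and that should be confirmed against the full function before the comment is worded.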
@@ -0,0 +1,37 @@
+From d6037a22fbedb8ef3a22de4107e4eaa36840865b Mon Sep 17 00:00:00 2001
+From: Matthijs Mekking
+Date: Wed, 18 Jun 2014 09:55:17 +0200
+Subject: whitespace bug in ldns-read-zone
+
+---
+--- ldns.orig/rr.c
++++ ldns/rr.c
+@@ -670,6 +670,18 @@ ldns_rr_new_question_frm_str(ldns_rr **n
+ true);
+ }
+
++static int
++ldns_rr_is_whitespace_line(char* line, int line_len)
++{
++ int i;
++ for (i = 0; i < line_len; i++) {
++ if (!isspace((int)line[i])) {
++ return 0;
++ }
++ }
++ return 1;
++}
++
+ ldns_status
+ ldns_rr_new_frm_fp(ldns_rr **newrr, FILE *fp, uint32_t *ttl, ldns_rdf **origin, ldns_rdf **prev)
+ {
+@@ -745,6 +757,9 @@ ldns_rr_new_frm_fp_l(ldns_rr **newrr, FI
+ s = LDNS_STATUS_SYNTAX_TTL;
+ } else if (strncmp(line, "$INCLUDE", 8) == 0) {
+ s = LDNS_STATUS_SYNTAX_INCLUDE;
++ } else if (ldns_rr_is_whitespace_line(line, size)) {
++ LDNS_FREE(line);
++ return LDNS_STATUS_SYNTAX_EMPTY;
+ } else {
+ if (origin && *origin) {
+ s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, *origin, prev);
diff -Nru ldns-1.6.17/debian/patches/series ldns-1.6.17/debian/patches/series
--- ldns-1.6.17/debian/patches/series 2014-06-16 09:40:26.000000000 +0000
+++ ldns-1.6.17/debian/patches/series 2014-06-19 07:45:42.000000000 +0000
@@ -1,3 +1,5 @@
 001_manpages_whatis.patch
 003_dont_require_libldns_la_for_pyldns.patch
 fix-permissions-when-creating-new-dnskey.patch
+fix-double-free-for-answers-bigger-than-4096.patch
+fix-whitespace-bug-in-ldns-read-zone.patch
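Review bot: `isspace((int)line[i])` in the new ldns_rr_is_whitespace_line passes a plain `char`, so where `char` is signed any zone-file byte at or above 0x80 becomes a negative argument, which is undefined behaviour for the <ctype.h> functions. Cast through unsigned char instead: `if (!isspace((unsigned char)line[i])) {`. The helper never writes through the buffer, so `const char *line` would state that. `line_len` is an `int` while the caller passes `size`, whose declaration is outside the hunk; if that is a wider type the length is narrowed silently. ldns_rr_new_frm_fp_l continues past the hunk, so the early `return LDNS_STATUS_SYNTAX_EMPTY;` should be checked against whatever cleanup the other branches reach after setting `s`.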