diff -Nru libidn-1.28/debian/changelog libidn-1.28/debian/changelog
--- libidn-1.28/debian/changelog	2016-08-23 17:37:01.000000000 +0000
+++ libidn-1.28/debian/changelog	2017-09-25 15:19:19.000000000 +0000
@@ -1,3 +1,12 @@
+libidn (1.28-1ubuntu2.2) trusty-security; urgency=medium
+
+  * SECURITY UPDATE:  Integer overflow
+    - debian/patches/CVE-2017-14062.patch: fix integer overflow
+      in punycode.c.
+    - CVE-2017-14062
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 25 Sep 2017 11:19:19 -0400
+
 libidn (1.28-1ubuntu2.1) trusty-security; urgency=medium
 
   * SECURITY UPDATE: out-of-bounds read when reading one zero byte
diff -Nru libidn-1.28/debian/patches/CVE-2017-14062.patch libidn-1.28/debian/patches/CVE-2017-14062.patch
--- libidn-1.28/debian/patches/CVE-2017-14062.patch	1970-01-01 00:00:00.000000000 +0000
+++ libidn-1.28/debian/patches/CVE-2017-14062.patch	2017-09-25 15:19:17.000000000 +0000
@@ -0,0 +1,27 @@
+From: =?utf-8?q?Tim_R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Tue, 1 Aug 2017 11:16:47 +0200
+Subject: lib/puny_decode: Fix integer overflow (found by fuzzing)
+
+---
+ lib/punycode.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: libidn-1.28/lib/punycode.c
+===================================================================
+--- libidn-1.28.orig/lib/punycode.c	2017-09-25 11:19:13.521215165 -0400
++++ libidn-1.28/lib/punycode.c	2017-09-25 11:19:13.505214957 -0400
+@@ -89,11 +89,11 @@ enum
+ /* point (for use in representing integers) in the range 0 to */
+ /* base-1, or base if cp does not represent a value.          */
+ 
+-static punycode_uint
++static unsigned
+ decode_digit (punycode_uint cp)
+ {
+-  return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+-    cp - 97 < 26 ? cp - 97 : base;
++  return (unsigned) (cp - 48 < 10 ? cp - 22 :  cp - 65 < 26 ? cp - 65 :
++         cp - 97 < 26 ? cp - 97 :  base);
+ }
+ 
+ /* encode_digit(d,flag) returns the basic code point whose value      */
diff -Nru libidn-1.28/debian/patches/series libidn-1.28/debian/patches/series
--- libidn-1.28/debian/patches/series	2016-08-23 17:36:08.000000000 +0000
+++ libidn-1.28/debian/patches/series	2017-09-25 15:19:12.000000000 +0000
@@ -9,3 +9,4 @@
 CVE-2016-6263.patch
 fix_broken_test.patch
 fix_gdoc.patch
+CVE-2017-14062.patch