diff -Nru libosip2-4.1.0/debian/changelog libosip2-4.1.0/debian/changelog
--- libosip2-4.1.0/debian/changelog	2017-06-14 14:02:28.000000000 +0000
+++ libosip2-4.1.0/debian/changelog	2017-06-14 15:51:11.000000000 +0000
@@ -1,8 +1,14 @@
-libosip2 (4.1.0-2build0.16.10.1) yakkety-security; urgency=medium
+libosip2 (4.1.0-2+deb8u1build0.16.10.1) yakkety-security; urgency=medium
 
   * fake sync from Debian
 
- -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 14 Jun 2017 10:02:28 -0400
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 14 Jun 2017 11:51:11 -0400
+
+libosip2 (4.1.0-2+deb8u1) jessie-security; urgency=medium
+
+  * CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Mon, 12 Jun 2017 21:06:19 +0200
 
 libosip2 (4.1.0-2) unstable; urgency=low
 
diff -Nru libosip2-4.1.0/debian/patches/CVE-2016-10324_CVE-2016-10325_CVE-2016-10326_CVE-2017-7853.patch libosip2-4.1.0/debian/patches/CVE-2016-10324_CVE-2016-10325_CVE-2016-10326_CVE-2017-7853.patch
--- libosip2-4.1.0/debian/patches/CVE-2016-10324_CVE-2016-10325_CVE-2016-10326_CVE-2017-7853.patch	1970-01-01 00:00:00.000000000 +0000
+++ libosip2-4.1.0/debian/patches/CVE-2016-10324_CVE-2016-10325_CVE-2016-10326_CVE-2017-7853.patch	2017-06-12 19:06:15.000000000 +0000
@@ -0,0 +1,69 @@
+Upstream patches by Aymeric Moizard <amoizard@gmail.com>:
+
+7e0793e15e21f68337e130c67b031ca38edf055f
+1d9fb1d3a71cc85ef95352e549b140c706cf8696
+b9dd097b5b24f5ee54b0a8739e59641cd51b6ead
+1ae06daf3b2375c34af23083394a6f010be24a45
+
+--- libosip2-4.1.0.orig/src/osipparser2/osip_body.c
++++ libosip2-4.1.0/src/osipparser2/osip_body.c
+@@ -417,6 +417,14 @@ osip_body_to_str (const osip_body_t * bo
+   }
+ 
+   if ((osip_list_size (body->headers) > 0) || (body->content_type != NULL)) {
++    if (length < tmp_body - ptr + 3) {
++      size_t len;
++
++      len = tmp_body - ptr;
++      length = length + 3 + body->length; /* add body->length, to avoid calling realloc often */
++      ptr = osip_realloc (ptr, length);
++      tmp_body = ptr + len;
++    }
+     tmp_body = osip_strn_append (tmp_body, CRLF, 2);
+   }
+   if (length < tmp_body - ptr + body->length + 4) {
+--- libosip2-4.1.0.orig/src/osipparser2/osip_message_parse.c
++++ libosip2-4.1.0/src/osipparser2/osip_message_parse.c
+@@ -812,6 +812,12 @@ msg_osip_body_parse (osip_message_t * si
+     if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
+       start_of_body++;
+ 
++    /* if message body is empty or contains a single CR/LF */
++    if (end_of_body <= start_of_body) {
++      osip_free (sep_boundary);
++      return OSIP_SYNTAXERROR;
++    }
++
+     body_len = end_of_body - start_of_body;
+ 
+     /* Skip CR before end boundary. */
+--- libosip2-4.1.0.orig/src/osipparser2/osip_message_to_str.c
++++ libosip2-4.1.0/src/osipparser2/osip_message_to_str.c
+@@ -378,6 +378,13 @@ _osip_message_to_str (osip_message_t * s
+     /* A start-line isn't required for message/sipfrag parts. */
+   }
+   else {
++    size_t message_len = strlen(tmp);
++    if (_osip_message_realloc (&message, dest, message_len + 3, &malloc_size) < 0) {
++      osip_free (tmp);
++      *dest = NULL;
++      return OSIP_NOMEM;
++    }
++
+     message = osip_str_append (message, tmp);
+     osip_free (tmp);
+     message = osip_strn_append (message, CRLF, 2);
+--- libosip2-4.1.0.orig/src/osipparser2/osip_port.c
++++ libosip2-4.1.0/src/osipparser2/osip_port.c
+@@ -1462,8 +1462,10 @@ osip_clrncpy (char *dst, const char *src
+   char *p;
+   size_t spaceless_length;
+ 
+-  if (src == NULL)
++  if (src == NULL || len == 0) {
++    *dst = '\0';
+     return NULL;
++  }
+ 
+   /* find the start of relevant text */
+   pbeg = src;
diff -Nru libosip2-4.1.0/debian/patches/series libosip2-4.1.0/debian/patches/series
--- libosip2-4.1.0/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ libosip2-4.1.0/debian/patches/series	2017-06-12 19:05:08.000000000 +0000
@@ -0,0 +1 @@
+CVE-2016-10324_CVE-2016-10325_CVE-2016-10326_CVE-2017-7853.patch