diff -u libvorbisidec-1.0.2+svn18153/debian/changelog libvorbisidec-1.0.2+svn18153/debian/changelog
--- libvorbisidec-1.0.2+svn18153/debian/changelog
+++ libvorbisidec-1.0.2+svn18153/debian/changelog
@@ -1,3 +1,16 @@
+libvorbisidec (1.0.2+svn18153-0.2+deb7u1build0.14.04.1) trusty-security; urgency=medium
+
+  * fake sync from Debian
+
+ -- Emily Ratliff <emily.ratliff@canonical.com>  Mon, 26 Mar 2018 17:08:55 -0500
+
+libvorbisidec (1.0.2+svn18153-0.2+deb7u1) wheezy-security; urgency=low
+
+  * Non-maintainer upload by the Wheezy LTS Team.
+  * Prevent out-of-bounds write in codebook decoding (CVE-2018-5147)
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Wed, 21 Mar 2018 20:53:05 +0100
+
 libvorbisidec (1.0.2+svn18153-0.2) unstable; urgency=low
 
   * Non-maintainer upload.
only in patch2:
unchanged:
--- libvorbisidec-1.0.2+svn18153.orig/codebook.c
+++ libvorbisidec-1.0.2+svn18153/codebook.c
@@ -258,7 +258,7 @@
 	t[i] = book->valuelist+entry[i]*book->dim;
       }
       for(i=0,o=0;i<book->dim;i++,o+=step)
-	for (j=0;j<step;j++)
+	for (j=0;o+j<n && j<step;j++)
 	  a[o+j]+=t[j][i]>>shift;
     }else{
       for (i = 0; i < step; i++) {
@@ -267,7 +267,7 @@
 	t[i] = book->valuelist+entry[i]*book->dim;
       }
       for(i=0,o=0;i<book->dim;i++,o+=step)
-	for (j=0;j<step;j++)
+	for (j=0;o+j<n && j<step;j++)
 	  a[o+j]+=t[j][i]<<-shift;
     }
   }
@@ -287,7 +287,7 @@
 	entry = decode_packed_entry_number(book,b);
 	if(entry==-1)return(-1);
 	t     = book->valuelist+entry*book->dim;
-	for (j=0;j<book->dim;)
+	for (j=0;i<n && j<book->dim;)
 	  a[i++]+=t[j++]>>shift;
       }
     }else{
@@ -295,7 +295,7 @@
 	entry = decode_packed_entry_number(book,b);
 	if(entry==-1)return(-1);
 	t     = book->valuelist+entry*book->dim;
-	for (j=0;j<book->dim;)
+	for (j=0;i<n && j<book->dim;)
 	  a[i++]+=t[j++]<<-shift;
       }
     }
@@ -352,15 +352,15 @@
     long i,j,entry;
     int chptr=0;
     int shift=point-book->binarypoint;
-    
+    int m=offset+n;
     if(shift>=0){
       
-      for(i=offset;i<offset+n;){
+      for(i=offset;i<m;){
 	entry = decode_packed_entry_number(book,b);
 	if(entry==-1)return(-1);
 	{
 	  const ogg_int32_t *t = book->valuelist+entry*book->dim;
-	  for (j=0;j<book->dim;j++){
+	  for (j=0;i<m && j<book->dim;j++){
 	    a[chptr++][i]+=t[j]>>shift;
 	    if(chptr==ch){
 	      chptr=0;
@@ -371,12 +371,12 @@
       }
     }else{
       
-      for(i=offset;i<offset+n;){
+      for(i=offset;i<m;){
 	entry = decode_packed_entry_number(book,b);
 	if(entry==-1)return(-1);
 	{
 	  const ogg_int32_t *t = book->valuelist+entry*book->dim;
-	  for (j=0;j<book->dim;j++){
+	  for (j=0;i<m && j<book->dim;j++){
 	    a[chptr++][i]+=t[j]<<-shift;
 	    if(chptr==ch){
 	      chptr=0;