diff -Nru miniupnpc-1.9.20140610/debian/changelog miniupnpc-1.9.20140610/debian/changelog
--- miniupnpc-1.9.20140610/debian/changelog	2014-10-30 18:07:17.000000000 +0000
+++ miniupnpc-1.9.20140610/debian/changelog	2015-10-16 00:36:07.000000000 +0000
@@ -1,3 +1,12 @@
+miniupnpc (1.9.20140610-2ubuntu1.1) vivid-security; urgency=medium
+
+  * SECURITY UPDATE: buffer overflow in XML parser (LP: #1506017)
+    - debian/patches/CVE-2015-6031.patch: fix buffer overflow in
+      igd_desc_parse.c
+    - CVE-2015-6031
+
+ -- Steve Beattie <sbeattie@ubuntu.com>  Thu, 15 Oct 2015 17:35:51 -0700
+
 miniupnpc (1.9.20140610-2ubuntu1) vivid; urgency=low
 
   * Merge from Debian unstable (LP: #1387096).  Remaining changes:
diff -Nru miniupnpc-1.9.20140610/debian/patches/CVE-2015-6031.patch miniupnpc-1.9.20140610/debian/patches/CVE-2015-6031.patch
--- miniupnpc-1.9.20140610/debian/patches/CVE-2015-6031.patch	1970-01-01 00:00:00.000000000 +0000
+++ miniupnpc-1.9.20140610/debian/patches/CVE-2015-6031.patch	2015-10-16 00:35:22.000000000 +0000
@@ -0,0 +1,29 @@
+From 79cca974a4c2ab1199786732a67ff6d898051b78 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Tue, 15 Sep 2015 15:32:33 +0200
+Subject: [PATCH] igd_desc_parse.c: fix buffer overflow
+Origin: https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
+
+CVE-2015-6031
+
+[Note: this patch differs from upstream in that the comment changes have
+been dropped to avoid patch conflicts. -- sbeattie]
+---
+ igd_desc_parse.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+Index: b/igd_desc_parse.c
+===================================================================
+--- a/igd_desc_parse.c
++++ b/igd_desc_parse.c
+@@ -15,7 +15,9 @@
+ void IGDstartelt(void * d, const char * name, int l)
+ {
+ 	struct IGDdatas * datas = (struct IGDdatas *)d;
+-	memcpy( datas->cureltname, name, l);
++	if(l >= MINIUPNPC_URL_MAXSIZE)
++		l = MINIUPNPC_URL_MAXSIZE-1;
++	memcpy(datas->cureltname, name, l);
+ 	datas->cureltname[l] = '\0';
+ 	datas->level++;
+ 	if( (l==7) && !memcmp(name, "service", l) ) {
diff -Nru miniupnpc-1.9.20140610/debian/patches/series miniupnpc-1.9.20140610/debian/patches/series
--- miniupnpc-1.9.20140610/debian/patches/series	2014-07-13 14:43:51.000000000 +0000
+++ miniupnpc-1.9.20140610/debian/patches/series	2015-10-16 00:35:22.000000000 +0000
@@ -1 +1,2 @@
 correct-typo-in-manpage.patch
+CVE-2015-6031.patch