diff -u ppp-2.4.5/debian/changelog ppp-2.4.5/debian/changelog
--- ppp-2.4.5/debian/changelog
+++ ppp-2.4.5/debian/changelog
@@ -1,3 +1,12 @@
+ppp (2.4.5-5ubuntu1.2) precise-security; urgency=medium
+
+ * SECURITY UPDATE: denial of service via big process id
+ - debian/patches/CVE-2015-3310.patch: limit size of process id in
+ pppd/plugins/radius/util.c.
+ - CVE-2015-3310
+
+ -- Marc Deslauriers Tue, 21 Apr 2015 13:04:10 -0400
+
 ppp (2.4.5-5ubuntu1.1) precise-security; urgency=medium
 
 * SECURITY UPDATE: possible privilege escalation via option parsing
diff -u ppp-2.4.5/debian/patches/series ppp-2.4.5/debian/patches/series
--- ppp-2.4.5/debian/patches/series
+++ ppp-2.4.5/debian/patches/series
@@ -45,0 +46 @@
+CVE-2015-3310.patch
only in patch2:
unchanged:
--- ppp-2.4.5.orig/debian/patches/CVE-2015-3310.patch
+++ ppp-2.4.5/debian/patches/CVE-2015-3310.patch
@@ -0,0 +1,23 @@
+Description: Fix buffer overflow in rc_mksid()
+ rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
+ .
+ If the process id is bigger than 65535 (FFFF), its hex representation will be
+ longer than 4 characters, resulting in a buffer overflow.
+ .
+ The bug can be exploited to cause a remote DoS.
+ .
+Author: Emanuele Rocca
+Bug-Debian: https://bugs.debian.org/782450
+Last-Update: <2015-04-14>
+
+--- ppp-2.4.6.orig/pppd/plugins/radius/util.c
++++ ppp-2.4.6/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+ static unsigned short int cnt = 0;
+ sprintf (buf, "%08lX%04X%02hX",
+ (unsigned long int) time (NULL),
+- (unsigned int) getpid (),
++ (unsigned int) getpid () % 65535,
+ cnt & 0xFF);
+ cnt++;
+ return buf;
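Review bot: The `sprintf` call in rc_mksid() stays unbounded after this change, so only the PID field is protected. `% 65535` keeps `%04X` to four digits, but `%08lX` is a minimum width: where `unsigned long` is 64 bits, a `time()` result above 0xFFFFFFFF (including the `(time_t)-1` error return) would again produce more than the 14 characters the format is meant to emit. Bounding the write covers every field at once, e.g. `snprintf (buf, sizeof buf, "%08lX%04X%02hX",` if `buf` is an array local to this function, and masking the timestamp with `& 0xFFFFFFFFUL` would keep the session id at a fixed length. The declaration of `buf` lies outside the inner hunk, so its size and the exact overflow margin cannot be confirmed from here.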