diff -Nru procmail-3.22/debian/changelog procmail-3.22/debian/changelog
--- procmail-3.22/debian/changelog	2010-04-25 22:23:32.000000000 +0000
+++ procmail-3.22/debian/changelog	2014-09-04 13:42:55.000000000 +0000
@@ -1,3 +1,12 @@
+procmail (3.22-19ubuntu0.1) precise-security; urgency=medium
+
+  * SECURITY UPDATE: heap overflow in formail via malformed from header
+    - debian/patches/CVE-2014-3618.patch: handle unbalanced quotes in
+      src/formisc.c.
+    - CVE-2014-3618
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 04 Sep 2014 09:42:55 -0400
+
 procmail (3.22-19) unstable; urgency=low
 
   * Adopted remaining code changes from procmail 3.23pre.
diff -Nru procmail-3.22/debian/control procmail-3.22/debian/control
--- procmail-3.22/debian/control	2010-02-18 15:36:13.000000000 +0000
+++ procmail-3.22/debian/control	2014-09-04 13:43:04.000000000 +0000
@@ -1,7 +1,8 @@
 Source: procmail
 Section: mail
 Priority: standard
-Maintainer: Santiago Vila <sanvila@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Santiago Vila <sanvila@debian.org>
 Standards-Version: 3.8.4
 
 Package: procmail
diff -Nru procmail-3.22/debian/patches/CVE-2014-3618.patch procmail-3.22/debian/patches/CVE-2014-3618.patch
--- procmail-3.22/debian/patches/CVE-2014-3618.patch	1970-01-01 00:00:00.000000000 +0000
+++ procmail-3.22/debian/patches/CVE-2014-3618.patch	2014-09-04 13:42:50.000000000 +0000
@@ -0,0 +1,22 @@
+From: Tavis Ormandy
+Subject: formail heap overflow. CVE-2014-3618
+Bug-Debian: http://bugs.debian.org/704675
+Bug-Debian: http://bugs.debian.org/760443
+X-Debian-version: 3.22-22
+
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -84,12 +84,11 @@
+ 	case '"':*target++=delim='"';start++;
+       }
+      ;{ int i;
+-	do
++	while(*start)
+ 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
+ 	      break;
+ 	   else if(i=='\\'&&*start)		    /* skip quoted character */
+ 	      *target++= *start++;
+-	while(*start);						/* anything? */
+       }
+      hitspc=2;
+    }
diff -Nru procmail-3.22/debian/patches/series procmail-3.22/debian/patches/series
--- procmail-3.22/debian/patches/series	2010-04-25 22:23:02.000000000 +0000
+++ procmail-3.22/debian/patches/series	2014-09-04 13:42:50.000000000 +0000
@@ -25,3 +25,4 @@
 24
 25
 26
+CVE-2014-3618.patch