diff -Nru qpdf-8.0.2/debian/changelog qpdf-8.0.2/debian/changelog
--- qpdf-8.0.2/debian/changelog	2018-03-06 16:54:54.000000000 +0000
+++ qpdf-8.0.2/debian/changelog	2018-04-15 20:24:12.000000000 +0000
@@ -1,3 +1,16 @@
+qpdf (8.0.2-3) unstable; urgency=medium
+
+  * Add patch for CVE-2018-9918 from upstream commit
+    b4d6cf6836ce025ba1811b7bbec52680c7204223. (Closes: #895443)
+
+ -- Jay Berkenbilt <qjb@debian.org>  Sun, 15 Apr 2018 16:24:12 -0400
+
+qpdf (8.0.2-2) unstable; urgency=medium
+
+  * Update debhelper dependency to 10.3 for dh_missing. (Closes: #893581)
+
+ -- Jay Berkenbilt <qjb@debian.org>  Sun, 25 Mar 2018 08:29:34 -0400
+
 qpdf (8.0.2-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru qpdf-8.0.2/debian/control qpdf-8.0.2/debian/control
--- qpdf-8.0.2/debian/control	2018-03-06 16:54:54.000000000 +0000
+++ qpdf-8.0.2/debian/control	2018-04-15 20:24:12.000000000 +0000
@@ -1,7 +1,7 @@
 Source: qpdf
 Section: libs
 Priority: optional
-Build-Depends: debhelper (>> 10~), libjpeg-dev, zlib1g-dev
+Build-Depends: debhelper (>> 10.3~), libjpeg-dev, zlib1g-dev
 Maintainer: Jay Berkenbilt <qjb@debian.org>
 Standards-Version: 4.1.3
 Homepage: http://qpdf.sourceforge.net
diff -Nru qpdf-8.0.2/debian/patches/CVE-2018-9918.patch qpdf-8.0.2/debian/patches/CVE-2018-9918.patch
--- qpdf-8.0.2/debian/patches/CVE-2018-9918.patch	1970-01-01 00:00:00.000000000 +0000
+++ qpdf-8.0.2/debian/patches/CVE-2018-9918.patch	2018-04-15 20:24:12.000000000 +0000
@@ -0,0 +1,72 @@
+Index: qpdf/ChangeLog
+===================================================================
+--- qpdf.orig/ChangeLog
++++ qpdf/ChangeLog
+@@ -1,3 +1,8 @@
++2018-04-15  Jay Berkenbilt  <ejb@ql.org>
++
++	* Arbitrarily limit the depth of data structures represented by
++	direct object. This is CVE-2018-9918. Fixes #202.
++
+ 2018-03-06  Jay Berkenbilt  <ejb@ql.org>
+ 
+ 	* 8.0.2: release
+Index: qpdf/libqpdf/QPDFObjectHandle.cc
+===================================================================
+--- qpdf.orig/libqpdf/QPDFObjectHandle.cc
++++ qpdf/libqpdf/QPDFObjectHandle.cc
+@@ -1487,12 +1487,26 @@ QPDFObjectHandle::parseInternal(PointerH
+ 
+ 	  case QPDFTokenizer::tt_array_open:
+ 	  case QPDFTokenizer::tt_dict_open:
+-            olist_stack.push_back(std::vector<QPDFObjectHandle>());
+-            state = st_start;
+-            offset_stack.push_back(input->tell());
+-            state_stack.push_back(
+-                (token.getType() == QPDFTokenizer::tt_array_open) ?
+-                st_array : st_dictionary);
++            if (olist_stack.size() > 500)
++            {
++		QTC::TC("qpdf", "QPDFObjectHandle too deep");
++                warn(context,
++                     QPDFExc(qpdf_e_damaged_pdf, input->getName(),
++                             object_description,
++                             input->getLastOffset(),
++                             "ignoring excessively deeply nested data structure"));
++                object = newNull();
++                state = st_top;
++            }
++            else
++            {
++                olist_stack.push_back(std::vector<QPDFObjectHandle>());
++                state = st_start;
++                offset_stack.push_back(input->tell());
++                state_stack.push_back(
++                    (token.getType() == QPDFTokenizer::tt_array_open) ?
++                    st_array : st_dictionary);
++            }
+ 	    break;
+ 
+ 	  case QPDFTokenizer::tt_bool:
+Index: qpdf/qpdf/qpdf.testcov
+===================================================================
+--- qpdf.orig/qpdf/qpdf.testcov
++++ qpdf/qpdf/qpdf.testcov
+@@ -335,3 +335,4 @@ QPDFObjectHandle numeric non-numeric 0
+ QPDFObjectHandle erase array bounds 0
+ qpdf-c called qpdf_check_pdf 0
+ QPDF xref loop 0
++QPDFObjectHandle too deep 0
+Index: qpdf/qpdf/qtest/qpdf/issue-146.out
+===================================================================
+--- qpdf.orig/qpdf/qtest/qpdf/issue-146.out
++++ qpdf/qpdf/qtest/qpdf/issue-146.out
+@@ -1,7 +1,5 @@
+ WARNING: issue-146.pdf: file is damaged
+ WARNING: issue-146.pdf: can't find startxref
+ WARNING: issue-146.pdf: Attempting to reconstruct cross-reference table
+-WARNING: issue-146.pdf (trailer, offset 20728): unknown token while reading object; treating as string
+-WARNING: issue-146.pdf (trailer, offset 20732): unexpected EOF
+-WARNING: issue-146.pdf (trailer, offset 20732): parse error while reading object
++WARNING: issue-146.pdf (trailer, offset 695): ignoring excessively deeply nested data structure
+ issue-146.pdf: unable to find trailer dictionary while recovering damaged file
diff -Nru qpdf-8.0.2/debian/patches/series qpdf-8.0.2/debian/patches/series
--- qpdf-8.0.2/debian/patches/series	2018-03-06 16:54:54.000000000 +0000
+++ qpdf-8.0.2/debian/patches/series	2018-04-15 20:24:12.000000000 +0000
@@ -0,0 +1 @@
+CVE-2018-9918.patch