diff -Nru remote-login-service-1.0.0/debian/changelog remote-login-service-1.0.0/debian/changelog
--- remote-login-service-1.0.0/debian/changelog 2012-10-03 21:25:04.000000000 +0000
+++ remote-login-service-1.0.0/debian/changelog 2012-11-05 19:08:11.000000000 +0000
@@ -1,3 +1,12 @@
+remote-login-service (1.0.0-0ubuntu1.1) quantal-security; urgency=low
+
+ * SECURITY UPDATE: credentials disclosure via second login (LP: #1070896)
+ - debian/patches/01_clear_servers.patch: Clear servers on second login
+ in src/uccs-server.c, add test to tests/dbus-interface.c.
+ - CVE-2012-0959
+
+ -- Marc Deslauriers Mon, 05 Nov 2012 14:05:14 -0500
+
 remote-login-service (1.0.0-0ubuntu1) quantal; urgency=low
 
 * New upstream release.
diff -Nru remote-login-service-1.0.0/debian/patches/01_clear_servers.patch remote-login-service-1.0.0/debian/patches/01_clear_servers.patch
--- remote-login-service-1.0.0/debian/patches/01_clear_servers.patch 1970-01-01 00:00:00.000000000 +0000
+++ remote-login-service-1.0.0/debian/patches/01_clear_servers.patch 2012-11-05 19:09:43.000000000 +0000
@@ -0,0 +1,36 @@
+Description: fix credentials disclosure via second login
+Origin: upstream, http://bazaar.launchpad.net/~remote-login-service-team/remote-login-service/trunk/revision/77
+Bug: https://bugs.launchpad.net/ubuntu/quantal/+source/remote-login-service/+bug/1070896
+
+=== modified file 'src/uccs-server.c'
+--- old/src/uccs-server.c 2012-09-17 07:49:30 +0000
++++ new/src/uccs-server.c 2012-10-24 14:35:36 +0000
+@@ -466,6 +466,10 @@
+ static gboolean
+ parse_rds_array (UccsServer * server, JsonArray * array)
+ {
++ // Got a new set of servers, delete the old one
++ g_list_free_full(server->subservers, g_object_unref);
++ server->subservers = NULL;
++
+ int i;
+ for (i = 0; i < json_array_get_length(array); i++) {
+ JsonNode * node = json_array_get_element(array, i);
+
+=== modified file 'tests/dbus-interface.c'
+--- old/tests/dbus-interface.c 2012-09-17 07:49:30 +0000
++++ new/tests/dbus-interface.c 2012-10-24 14:35:36 +0000
+@@ -184,9 +184,12 @@
+
+ GVariant * array = g_variant_get_child_value(retval, 2);
+ int i;
++ // Check all servers should be in the result are in the result
+ for (i = 0; slmockdata->servers[i].name != NULL; i++) {
+ g_assert(find_server(array, &slmockdata->servers[i]));
+ }
++ // Check there is no more servers in the result than we expected
++ g_assert(i == g_variant_n_children(array));
+ g_variant_unref(array);
+
+ g_variant_unref(retval);
+
diff -Nru remote-login-service-1.0.0/debian/patches/series remote-login-service-1.0.0/debian/patches/series
--- remote-login-service-1.0.0/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ remote-login-service-1.0.0/debian/patches/series 2012-11-05 19:05:11.000000000 +0000
@@ -0,0 +1 @@
+01_clear_servers.patch
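Review bot: The stale-server cleanup sits only at the top of `parse_rds_array` in src/uccs-server.c, so the previous login's `server->subservers` are dropped only when a second login actually delivers a new array to parse. Whether every login path reaches this function is not visible here (its body and its callers lie outside the hunk); if a failed or malformed response returns earlier, the old list, and whatever credentials it carries, would presumably still be served to the next caller. Consider resetting the list where the login request is started, or on each early-return path, and extending the tests/dbus-interface.c check with a second login that fails. A comment such as `/* Drop the previous login's servers so they are never returned to a different user */` would also record why the free is security-relevant rather than just housekeeping.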