diff -Nru spice-0.12.8/debian/changelog spice-0.12.8/debian/changelog --- spice-0.12.8/debian/changelog 2017-07-18 17:30:46.000000000 +0000 +++ spice-0.12.8/debian/changelog 2017-07-21 21:34:38.000000000 +0000 @@ -1,15 +1,10 @@ -spice (0.12.8-2.1ubuntu0.1) artful; urgency=medium +spice (0.12.8-2.2) unstable; urgency=medium - * SECURITY UPDATE: buffer overflow via invalid monitor configurations - - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving - overly big ClientMonitorsConfig in server/reds.c. - - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows - handling monitor configuration in server/reds.c. - - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling - monitor configuration in server/reds.c. - - CVE-2017-7506 + * Non-maintainer upload. + * Fix CVE-2017-7506: (Closes: #868083) + Possible buffer overflow via invalid monitor configurations. - -- Marc Deslauriers Tue, 18 Jul 2017 13:30:46 -0400 + -- Markus Koschany Fri, 21 Jul 2017 23:34:38 +0200 spice (0.12.8-2.1) unstable; urgency=medium diff -Nru spice-0.12.8/debian/control spice-0.12.8/debian/control --- spice-0.12.8/debian/control 2017-07-18 17:30:46.000000000 +0000 +++ spice-0.12.8/debian/control 2017-07-21 21:34:38.000000000 +0000 @@ -1,8 +1,7 @@ Source: spice Section: misc Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Liang Guo +Maintainer: Liang Guo Uploaders: Michael Tokarev Build-Depends: debhelper (>= 9), pkg-config, dh-autoreconf, diff -Nru spice-0.12.8/debian/patches/CVE-2017-7506-1.patch spice-0.12.8/debian/patches/CVE-2017-7506-1.patch --- spice-0.12.8/debian/patches/CVE-2017-7506-1.patch 2017-07-18 17:30:33.000000000 +0000 +++ spice-0.12.8/debian/patches/CVE-2017-7506-1.patch 2017-07-21 21:34:38.000000000 +0000 @@ -1,7 +1,8 @@ -From f1e7ec03e26ab6b8ca9b7ec060846a5b706a963d Mon Sep 17 00:00:00 2001 +From 257f69d619fed407493156c8a7b952abc8a51314 Mon Sep 17 00:00:00 2001 
From: Frediano Ziglio Date: Mon, 15 May 2017 15:57:28 +0100 -Subject: reds: Disconnect when receiving overly big ClientMonitorsConfig +Subject: [spice-server 1/3] reds: Disconnect when receiving overly big + ClientMonitorsConfig Total message size received from the client was unlimited. There is a 2kiB size check on individual agent messages, but the MonitorsConfig @@ -10,9 +11,12 @@ lead to memory exhaustion on the host. Signed-off-by: Frediano Ziglio +--- + server/reds.c | 25 +++++++++++++++++++++++-- + 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/server/reds.c b/server/reds.c -index f439a36..7be85fd 100644 +index f439a3668..7be85fdfc 100644 --- a/server/reds.c +++ b/server/reds.c @@ -993,19 +993,34 @@ static void reds_client_monitors_config_cleanup(void) @@ -66,5 +70,4 @@ void reds_on_main_agent_data(MainChannelClient *mcc, void *message, size_t size) -- -cgit v0.10.2 - +2.13.0 diff -Nru spice-0.12.8/debian/patches/CVE-2017-7506-2.patch spice-0.12.8/debian/patches/CVE-2017-7506-2.patch --- spice-0.12.8/debian/patches/CVE-2017-7506-2.patch 2017-07-18 17:30:37.000000000 +0000 +++ spice-0.12.8/debian/patches/CVE-2017-7506-2.patch 2017-07-21 21:34:38.000000000 +0000 @@ -1,14 +1,18 @@ -From ec6229c79abe05d731953df5f7e9a05ec9f6df79 Mon Sep 17 00:00:00 2001 +From ff2b4ef70181087d5abd50bad76d026ec5088a93 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Mon, 15 May 2017 15:57:28 +0100 -Subject: reds: Avoid integer overflows handling monitor configuration +Subject: [spice-server 2/3] reds: Avoid integer overflows handling monitor + configuration Avoid VDAgentMessage::size integer overflows. Signed-off-by: Frediano Ziglio +--- + server/reds.c | 3 +++ + 1 file changed, 3 insertions(+) diff --git a/server/reds.c b/server/reds.c -index 7be85fd..e1c8c10 100644 +index 7be85fdfc..e1c8c1086 100644 --- a/server/reds.c +++ b/server/reds.c @@ -1024,6 +1024,9 @@ static void reds_on_main_agent_monitors_config( 
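Review bot: The refreshed `From` id in the header of CVE-2017-7506-1.patch (`257f69d619fed407493156c8a7b952abc8a51314`), and likewise the new ids in CVE-2017-7506-2.patch and CVE-2017-7506-3.patch, replace the ids carried by the previous upload, and nothing in the header records where the new series was taken from. The `[spice-server n/3]` subject prefix and the `2.13.0` trailer in place of `cgit v0.10.2` suggest a `git format-patch` export rather than a download from the upstream web view, so the new ids may not resolve in the upstream repository; that is inferred from the headers only. These hunks change header lines alone, and the `server/reds.c` changes inside the patches are outside them, so the fix itself has to be compared by hand against upstream. Adding DEP-3 fields to each patch header, for example `Origin: upstream, <upstream commit URL>` and `Bug-Debian: https://bugs.debian.org/868083`, would make the provenance of the security fix checkable.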
@@ -22,5 +26,4 @@ spice_debug("%s: %d", __func__, monitors_config->num_of_monitors); red_dispatcher_client_monitors_config(monitors_config); -- -cgit v0.10.2 - +2.13.0 diff -Nru spice-0.12.8/debian/patches/CVE-2017-7506-3.patch spice-0.12.8/debian/patches/CVE-2017-7506-3.patch --- spice-0.12.8/debian/patches/CVE-2017-7506-3.patch 2017-07-18 17:30:41.000000000 +0000 +++ spice-0.12.8/debian/patches/CVE-2017-7506-3.patch 2017-07-21 21:34:38.000000000 +0000 @@ -1,7 +1,8 @@ -From a957a90baf2c62d31f3547e56bba7d0e812d2331 Mon Sep 17 00:00:00 2001 +From 8cc3d7df2792751939cc832f4110c57e2addfca5 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Mon, 15 May 2017 15:57:28 +0100 -Subject: reds: Avoid buffer overflows handling monitor configuration +Subject: [spice-server 3/3] reds: Avoid buffer overflows handling monitor + configuration It was also possible for a malicious client to set VDAgentMonitorsConfig::num_of_monitors to a number larger @@ -12,9 +13,12 @@ complicated. Signed-off-by: Frediano Ziglio +--- + server/reds.c | 7 +++++++ + 1 file changed, 7 insertions(+) diff --git a/server/reds.c b/server/reds.c -index e1c8c10..3a42c37 100644 +index e1c8c1086..3a42c3755 100644 --- a/server/reds.c +++ b/server/reds.c @@ -1000,6 +1000,7 @@ static void reds_on_main_agent_monitors_config( @@ -39,5 +43,4 @@ red_dispatcher_client_monitors_config(monitors_config); reds_client_monitors_config_cleanup(); -- -cgit v0.10.2 - +2.13.0