diff -Nru unadf-0.7.11a/debian/changelog unadf-0.7.11a/debian/changelog
--- unadf-0.7.11a/debian/changelog	2012-06-19 21:04:43.000000000 +0000
+++ unadf-0.7.11a/debian/changelog	2016-09-22 21:47:14.000000000 +0000
@@ -1,3 +1,22 @@
+unadf (0.7.11a-3+deb7u1~build0.16.04.1) xenial-security; urgency=medium
+
+  * fake sync from Debian
+
+ -- Tyler Hicks <tyhicks@canonical.com>  Thu, 22 Sep 2016 16:47:14 -0500
+
+unadf (0.7.11a-3+deb7u1) wheezy-security; urgency=high
+
+  * CVE-2016-1243: Fix stack buffer overflow caused by blindly trusting on
+    pathname lengths of archived files. Stack allocated buffer sysbuf was
+    filled with sprintf() without any bounds checking in extracTree() function.
+    (Closes: #838248)
+
+  * CVE-2016-1244: Correct execution of unsanitized input. Shell command used
+    for creating directory paths was constructed by oncatenating names of
+    archived files to the end of the command string. (Closes: #838248)
+
+ -- Chris Lamb <lamby@debian.org>  Wed, 21 Sep 2016 03:27:21 +0100
+
 unadf (0.7.11a-3) unstable; urgency=low
 
   * QA upload.
diff -Nru unadf-0.7.11a/debian/patches/CVE-2016-1243_CVE-2016-1244 unadf-0.7.11a/debian/patches/CVE-2016-1243_CVE-2016-1244
--- unadf-0.7.11a/debian/patches/CVE-2016-1243_CVE-2016-1244	1970-01-01 00:00:00.000000000 +0000
+++ unadf-0.7.11a/debian/patches/CVE-2016-1243_CVE-2016-1244	2016-09-21 02:31:47.000000000 +0000
@@ -0,0 +1,106 @@
+--- unadf-0.7.11a.orig/Demo/unadf.c
++++ unadf-0.7.11a/Demo/unadf.c
+@@ -24,6 +24,8 @@
+ 
+ #define UNADF_VERSION "1.0"
+ 
++#include <sys/stat.h>
++#include <sys/types.h>
+ 
+ #include<stdlib.h>
+ #include<errno.h>
+@@ -40,8 +42,6 @@
+  * do fopen('dir1','rb'). NULL is returned if 'dir1' doesn't exists yet, an handle instead
+  */
+ 
+-#define MKDIR "mkdir"
+-
+ #ifdef WIN32
+ #define DIRSEP '\\'
+ #else
+@@ -51,6 +51,13 @@
+ #define EXTBUFL 1024*8
+ 
+ 
++static void mkdirOrLogErr(const char *const path)
++{
++	if (mkdir(path, S_IRWXU | S_IRWXG | S_IRWXO))
++		fprintf(stderr, "mkdir: cannot create directory '%s': %s\n",
++			path, strerror(errno));
++}
++
+ void help()
+ {
+     puts("unadf [-lrcsp -v n] dumpname.adf [files-with-path] [-d extractdir]");
+@@ -152,7 +159,6 @@ void extractTree(struct Volume *vol, str
+ {
+ 	struct Entry* entry;
+     char *buf;
+-    char sysbuf[200];
+ 
+     while(tree) {
+         entry = (struct Entry*)tree->content;
+@@ -162,16 +168,14 @@ void extractTree(struct Volume *vol, str
+                 buf=(char*)malloc(strlen(path)+1+strlen(entry->name)+1);
+                 if (!buf) return;
+                 sprintf(buf,"%s%c%s",path,DIRSEP,entry->name);
+-                sprintf(sysbuf,"%s %s",MKDIR,buf);
+                 if (!qflag) printf("x - %s%c\n",buf,DIRSEP);
++                if (!pflag) mkdirOrLogErr(buf);
+             }
+             else {
+-                sprintf(sysbuf,"%s %s",MKDIR,entry->name);
+                 if (!qflag) printf("x - %s%c\n",entry->name,DIRSEP);
++                if (!pflag) mkdirOrLogErr(entry->name);
+             }
+ 
+-            if (!pflag) system(sysbuf);
+-
+ 	        if (tree->subdir!=NULL) {
+                 if (adfChangeDir(vol,entry->name)==RC_OK) {
+                     if (buf!=NULL)
+@@ -302,20 +306,20 @@ void processFile(struct Volume *vol, cha
+     }
+     else {
+         /* the all-in-one string : to call system(), to find the filename, the convert dir sep char ... */
+-        bigstr=(char*)malloc(strlen(MKDIR)+1+strlen(path)+1+strlen(name)+1);
++        bigstr=(char*)malloc(strlen(path)+1+strlen(name)+1);
+         if (!bigstr) { fprintf(stderr,"processFile : malloc"); return; }
+ 
+         /* to build to extract path */
+         if (strlen(path)>0) {
+-            sprintf(bigstr,"%s %s%c%s",MKDIR,path,DIRSEP,name);
+-            cdstr = bigstr+strlen(MKDIR)+1+strlen(path)+1;
++            sprintf(bigstr,"%s%c%s",path,DIRSEP,name);
++            cdstr = bigstr+strlen(path)+1;
+         }
+         else {
+-            sprintf(bigstr,"%s %s",MKDIR,name);
+-            cdstr = bigstr+strlen(MKDIR)+1;
++            sprintf(bigstr,"%s",name);
++            cdstr = bigstr;
+         }
+         /* the directory in which the file will be extracted */
+-        fullname =  bigstr+strlen(MKDIR)+1;
++        fullname =  bigstr;
+ 
+         /* finds the filename, and separates it from the path */
+         filename = strrchr(bigstr,'/')+1;
+@@ -333,7 +337,7 @@ void processFile(struct Volume *vol, cha
+                     return;
+                 tfile = fopen(fullname,"r"); /* the only portable way to test if the dir exists */
+                 if (tfile==NULL) { /* does't exist : create it */
+-                    if (!pflag) system(bigstr);
++                    if (!pflag) mkdirOrLogErr(bigstr);
+                     if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
+                 }
+                 else
+@@ -350,7 +354,7 @@ void processFile(struct Volume *vol, cha
+                     return;
+                 tfile = fopen(fullname,"r");
+                 if (tfile==NULL) {
+-                    if (!pflag) system(bigstr);
++                    if (!pflag) mkdirOrLogErr(bigstr);
+                     if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
+                 }
+                 else
diff -Nru unadf-0.7.11a/debian/patches/series unadf-0.7.11a/debian/patches/series
--- unadf-0.7.11a/debian/patches/series	2012-06-19 21:04:37.000000000 +0000
+++ unadf-0.7.11a/debian/patches/series	2016-09-21 02:32:37.000000000 +0000
@@ -1,3 +1,4 @@
 source-code-fixes
 64-bit-fixes
 add-hardening-flags-in-compiler-options
+CVE-2016-1243_CVE-2016-1244