diff -Nru xmltooling-1.5.3/debian/changelog xmltooling-1.5.3/debian/changelog
--- xmltooling-1.5.3/debian/changelog 2013-07-12 01:56:36.000000000 +0000
+++ xmltooling-1.5.3/debian/changelog 2015-08-07 18:55:02.000000000 +0000
@@ -1,3 +1,16 @@
+xmltooling (1.5.3-2+deb8u1build0.15.04.1) vivid-security; urgency=medium
+
+ * fake sync from Debian
+
+ -- Tyler Hicks Fri, 07 Aug 2015 13:55:02 -0500
+
+xmltooling (1.5.3-2+deb8u1) jessie-security; urgency=high
+
+ * Apply security fix from 1.5.5 for CVE-2015-0851 DoS (Closes: #793855):
+ Shibboleth SP software crashes on well-formed but invalid XML
+
+ -- Ferenc Wagner Sun, 19 Jul 2015 19:06:38 +0200
+
 xmltooling (1.5.3-2) unstable; urgency=low

 * Upload to unstable.
diff -Nru xmltooling-1.5.3/debian/patches/debian-changes xmltooling-1.5.3/debian/patches/debian-changes
--- xmltooling-1.5.3/debian/patches/debian-changes 1970-01-01 00:00:00.000000000 +0000
+++ xmltooling-1.5.3/debian/patches/debian-changes 2015-07-30 09:46:51.000000000 +0000
@@ -0,0 +1,49 @@
+Subject: Collected Debian patches for xmltooling
+Author: Russ Allbery
+
+The packaging for xmltooling is maintained in Git using multiple
+branches for fixes, which makes it complex to separate the changes
+into individual patches. They are therefore all included in a single
+Debian patch.
+
+For full commit history and separated commits, see the packaging Git
+repository.
+
+--- xmltooling-1.5.3.orig/xmltooling/base.h
++++ xmltooling-1.5.3/xmltooling/base.h
+@@ -811,7 +811,16 @@
+ XMLCh* m_##proper; \
+ public: \
+ pair get##proper() const { \
+- return make_pair((m_##proper!=nullptr),(m_##proper!=nullptr ? xercesc::XMLString::parseInt(m_##proper): 0)); \
++ if (m_##proper) { \
++ try { \
++ return std::make_pair(true, xercesc::XMLString::parseInt(m_##proper)); \
++ } \
++ catch (...) { \
++ return std::make_pair(true, 0); \
++ } \
++ } else { \
++ return std::make_pair(false, 0); \
++ } \
+ } \
+ void set##proper(const XMLCh* proper) { \
+ m_##proper = prepareForAssignment(m_##proper,proper); \
+@@ -1369,7 +1378,16 @@
+ #define DECL_INTEGER_CONTENT(proper) \
+ XMLTOOLING_DOXYGEN(Returns proper in integer form after a NULL indicator.) \
+ std::pair get##proper() const { \
+- return std::make_pair((getTextContent()!=nullptr), (getTextContent()!=nullptr ? xercesc::XMLString::parseInt(getTextContent()) : 0)); \
++ if (getTextContent()) { \
++ try { \
++ return std::make_pair(true, xercesc::XMLString::parseInt(getTextContent())); \
++ } \
++ catch (...) { \
++ return std::make_pair(true, 0); \
++ } \
++ } else { \
++ return std::make_pair(false, 0); \
++ } \
+ } \
+ XMLTOOLING_DOXYGEN(Sets proper.) \
+ void set##proper(int proper) { \
diff -Nru xmltooling-1.5.3/debian/patches/series xmltooling-1.5.3/debian/patches/series
--- xmltooling-1.5.3/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ xmltooling-1.5.3/debian/patches/series 2015-07-30 09:46:51.000000000 +0000
@@ -0,0 +1 @@
+debian-changes
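Review bot: In both patched getters in base.h (the embedded hunks at -811 and -1369) the `catch (...)` branch returns `std::make_pair(true, 0)`, so a value that is present but fails to parse is reported to callers exactly like a legitimate 0. That removes the uncaught-exception crash the changelog ties to CVE-2015-0851, but a caller that gives 0 a meaning will now act on malformed, untrusted input as if it were valid. The contract should at least be written down, for example by extending the Doxygen text to `Returns proper in integer form after a NULL indicator; a value that fails to parse is reported as (true, 0).` `catch (...)` also absorbs unrelated failures such as allocation errors. If `parseInt` reports bad input only through Xerces exception types, catching `const xercesc::XMLException&` would be narrower, though that needs confirming against the Xerces version in use. The first macro's `#define` line lies outside the hunk, so its name and existing documentation are not visible here.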