diff -Nru geis-2.2.13/debian/changelog geis-2.2.13/debian/changelog
--- geis-2.2.13/debian/changelog	2012-11-09 18:57:47.000000000 +0000
+++ geis-2.2.13/debian/changelog	2012-11-13 10:59:35.000000000 +0000
@@ -1,3 +1,11 @@
+geis (2.2.13-0ubuntu2~matttbe0) raring; urgency=low
+
+  * debian/patches/bzr_lp1077376.patch:
+    - Avoided a dereference of a freed pointer when more than one V1 gesture
+      type is subscribed (lp: #1077376).
+
+ -- Matthieu Baerts (matttbe) <matttbe@ubuntu.com>  Tue, 13 Nov 2012 11:57:50 +0100
+
 geis (2.2.13-0ubuntu1) raring; urgency=low
 
   * New upstream release.
diff -Nru geis-2.2.13/debian/patches/bzr_lp1077376.patch geis-2.2.13/debian/patches/bzr_lp1077376.patch
--- geis-2.2.13/debian/patches/bzr_lp1077376.patch	1970-01-01 00:00:00.000000000 +0000
+++ geis-2.2.13/debian/patches/bzr_lp1077376.patch	2012-11-13 11:00:47.000000000 +0000
@@ -0,0 +1,121 @@
+From: Stephen M. Webb <stephen.webb@canonical.com>
+Subject: Avoided a dereference of a freed pointer when more than one V1 gesture type is subscribed
+Bug: https://launchpad.net/bugs/1077376
+Bug-Ubuntu: https://launchpad.net/bugs/1077376
+
+Avoids dereferencing a freed pointer when more than one V1 gesture class is subscribed (lp: #1077376).
+No new tests are required: current existing tests were failing and now pass with this fix.
+Evince no longer crashes with this fix applied.
+
+=== modified file 'libgeis/geis_subscription.c'
+Index: geis-2.2.13/libgeis/geis_subscription.c
+===================================================================
+--- geis-2.2.13.orig/libgeis/geis_subscription.c	2012-11-09 16:41:15.000000000 +0100
++++ geis-2.2.13/libgeis/geis_subscription.c	2012-11-13 11:54:18.411593882 +0100
+@@ -337,6 +337,7 @@
+   if (sub->sub_backend_token)
+   {
+     status = geis_backend_token_deactivate(sub->sub_backend_token, sub);
++    sub->sub_backend_token = NULL;
+   }
+   return status;
+ }
+Index: geis-2.2.13/libgeis/geis_v1.c
+===================================================================
+--- geis-2.2.13.orig/libgeis/geis_v1.c	2012-11-09 16:41:15.000000000 +0100
++++ geis-2.2.13/libgeis/geis_v1.c	2012-11-13 11:55:11.447595148 +0100
+@@ -619,19 +619,7 @@
+   {
+     const char **g;
+ 
+-    if (device_id != 0)
+-    {
+-      geis_debug("subscribing device %d for the following gestures:", device_id);
+-      result = geis_filter_add_term(instance->window_filter,
+-                          GEIS_FILTER_DEVICE,
+-                          GEIS_DEVICE_ATTRIBUTE_ID, GEIS_FILTER_OP_EQ,
+-                          device_id, NULL);
+-      if (result != GEIS_STATUS_SUCCESS)
+-      {
+-        geis_error("error adding device filter term");
+-      }
+-    }
+-
++    geis_debug("subscribing device %d for the following gestures:", device_id);
+     for (g = gesture_list; *g; ++g)
+     {
+       GeisV1AttrMap v1attr;
+@@ -664,6 +652,17 @@
+ 	      geis_error("error adding gesture class filter term");
+ 	    }
+ 
++            if (device_id != 0)
++            {
++              result = geis_filter_add_term(filter,
++                                  GEIS_FILTER_DEVICE, GEIS_DEVICE_ATTRIBUTE_ID, GEIS_FILTER_OP_EQ,
++                                  device_id, NULL);
++              if (result != GEIS_STATUS_SUCCESS)
++              {
++                geis_error("error adding device filter term");
++              }
++            }
++
+ 	    result = geis_subscription_add_filter(instance->subscription, filter); 
+ 	    if (result != GEIS_STATUS_SUCCESS)
+ 	    {
+@@ -674,14 +673,6 @@
+ 	}
+       }
+     }
+-
+-    /* remove the window-id-only filter since it allows ALL gesture classes */
+-    result = geis_subscription_remove_filter(instance->subscription, 
+-                                             instance->window_filter);
+-    if (result != GEIS_STATUS_SUCCESS)
+-    {
+-      geis_warning("error removing V1 window filter");
+-    }
+   }
+   return result;
+ }
+@@ -696,6 +687,16 @@
+ {
+   GeisStatus result = GEIS_UNKNOWN_ERROR;
+ 
++  /**
++   * If there is no window filter, the instance has already been subscribed to
++   * devices and gestures so skip.
++   */
++  if (NULL == instance->window_filter)
++  {
++    geis_warning("instance has been subscribed twice");
++    return GEIS_STATUS_SUCCESS;
++  }
++
+   memcpy(&instance->gesture_funcs, funcs, sizeof(GeisGestureFuncs));
+   instance->gesture_cookie = cookie;
+ 
+@@ -719,6 +720,23 @@
+       }
+     }
+   }
++
++  /*
++   * If there are specific gesture classes, remove the window-id-only filter since it allows
++   * ALL gesture classes.  It will have been replaced by device-specific or
++   * class-specific filters on the same window.
++   */
++  if (gesture_list && *gesture_list)
++  {
++    result = geis_subscription_remove_filter(instance->subscription,
++                                             instance->window_filter);
++    if (result != GEIS_STATUS_SUCCESS)
++    {
++      geis_warning("error removing V1 window filter");
++    }
++    instance->window_filter = NULL;
++  }
++
+   result = geis_subscription_activate(instance->subscription);
+   return result;
+ }
diff -Nru geis-2.2.13/debian/patches/series geis-2.2.13/debian/patches/series
--- geis-2.2.13/debian/patches/series	2012-11-09 17:49:33.000000000 +0000
+++ geis-2.2.13/debian/patches/series	2012-11-13 11:00:48.000000000 +0000
@@ -1 +1,2 @@
 0001-add-missing-test-symbols.patch
+bzr_lp1077376.patch