diff -u xpdf-3.02/debian/changelog xpdf-3.02/debian/changelog
--- xpdf-3.02/debian/changelog
+++ xpdf-3.02/debian/changelog
@@ -1,3 +1,11 @@
+xpdf (3.02-1.4+lenny4) oldstable-proposed-updates; urgency=low
+
+ * Fix cve-2011-2902: insecure tempfile usage in zxpdf.
+ * Disable t1lib (fixes cve-2011-0764, cve-2011-1552, cve-2011-1553, and
+ cve-2011-1554).
+
+ -- Michael Gilbert Sun, 28 Aug 2011 20:32:08 +0000
+
 xpdf (3.02-1.4+lenny3) stable-security; urgency=high
 * Non-maintainer upload by the security team.
diff -u xpdf-3.02/debian/rules xpdf-3.02/debian/rules
--- xpdf-3.02/debian/rules
+++ xpdf-3.02/debian/rules
@@ -19,7 +19,7 @@
 --enable-multithreaded \
 --with-Xm-includes=$(shell pwd)/lesstif \
 --with-freetype2-includes=/usr/include/freetype2 \
- --with-t1-includes=/usr/include
+ --with-t1-library=no
 $(MAKE)
 touch build-stamp
diff -u xpdf-3.02/debian/zxpdf xpdf-3.02/debian/zxpdf
--- xpdf-3.02/debian/zxpdf
+++ xpdf-3.02/debian/zxpdf
@@ -40,8 +40,7 @@
 then
 tmp="$file"
 else
- tmp=$(basename "$file")
- tmp=$(tempfile -p "${tmp%.pdf*}" -s .pdf)
+ tmp=$(tempfile -s .pdf)
 $cat "$file" >"$tmp"
 fi
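Review bot: In debian/rules, the reason for `--with-t1-library=no` is recorded only in the changelog, so a later packaging refresh could restore the old `--with-t1-includes=/usr/include` argument without noticing that it re-enables the code tied to the listed CVEs. A comment above the configure command would keep the reason next to the flag, for example `# t1lib stays disabled: cve-2011-0764, cve-2011-1552, cve-2011-1553, cve-2011-1554`; it has to go above the command because a `#` cannot sit inside the backslash-continued argument list. The command itself starts above the hunk, so the exact placement needs checking against the full file. Configure scripts of this generation often accept an unrecognised `--with-*` option without complaint, so it is also worth confirming from the build log or the binary's linked libraries that libt1 is really absent.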
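Review bot: In debian/zxpdf, the result of `tempfile` is used unchecked on the added line. If creation fails, `tmp` is empty and the following `$cat "$file" >"$tmp"`, plus whatever later opens or removes `$tmp`, runs with an empty path. `tmp=$(tempfile -s .pdf) || exit 1` would stop the script at the point of failure. The enclosing `if`/`else` starts above the hunk and the cleanup of `$tmp` is not visible here, so it is worth confirming that it removes exactly the quoted `"$tmp"` with no glob or name-derived suffix appended.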