diff -u libvorbis-1.3.2/debian/changelog libvorbis-1.3.2/debian/changelog
--- libvorbis-1.3.2/debian/changelog
+++ libvorbis-1.3.2/debian/changelog
@@ -1,3 +1,10 @@
+libvorbis (1.3.2-1.2) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix cve-2012-0444: buffer overflow in floor1.c.
+
+ -- Michael Gilbert <mgilbert@debian.org>  Tue, 17 Apr 2012 22:37:49 -0400
+
 libvorbis (1.3.2-1.1) unstable; urgency=low
 
   * Non-maintainer upload.
only in patch2:
unchanged:
--- libvorbis-1.3.2.orig/lib/floor1.c
+++ libvorbis-1.3.2/lib/floor1.c
@@ -167,6 +167,7 @@
 
   for(j=0,k=0;j<info->partitions;j++){
     count+=info->class_dim[info->partitionclass[j]];
+    if(count>VIF_POSIT) goto err_out;
     for(;k<count;k++){
       int t=info->postlist[k+2]=oggpack_read(opb,rangebits);
       if(t<0 || t>=(1<<rangebits))