diff -u ettercap-0.7.3/debian/changelog ettercap-0.7.3/debian/changelog
--- ettercap-0.7.3/debian/changelog
+++ ettercap-0.7.3/debian/changelog
@@ -1,3 +1,18 @@
+ettercap (1:0.7.3-2.1+squeeze2) squeeze-lts; urgency=medium
+
+   * Patch a bunch of security vulnerabilities (closes: #773416)
+     - CVE-2014-9380 (Buffer over-read)
+     - CVE-2014-9381 (Signedness error)
+     See:
+     https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
+     Patches taken from upstream
+     - 6b196e011fa456499ed4650a360961a2f1323818 pull/608
+     - 31b937298c8067e6b0c3217c95edceb983dfc4a2 pull/609
+     Thanks to Nick Sampanis <n.sampanis@obrela.com> who is responsible for
+     both finding and repairing these issues.
+
+ -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it>  Mon, 22 Dec 2014 11:19:46 +0100
+
 ettercap (1:0.7.3-2.1+squeeze1) stable; urgency=high
 
   * Quilt patch for CVE-2013-0722, a stack-based buffer overflow when
only in patch2:
unchanged:
--- ettercap-0.7.3.orig/src/dissectors/ec_cvs.c
+++ ettercap-0.7.3/src/dissectors/ec_cvs.c
@@ -70,7 +70,7 @@
 {
    DECLARE_DISP_PTR_END(ptr, end);
    char tmp[MAX_ASCII_ADDR_LEN];
-   char *p;
+   u_char *p;
    size_t i;
 
    /* don't complain about unused var */
@@ -92,6 +92,8 @@
    
    /* move over the cvsroot path */
    ptr += strlen(CVS_LOGIN) + 1;
+   if (ptr >= end)
+       return NULL;
 
    /* go until \n */
    while(*ptr != '\n' && ptr != end) ptr++;