See the debdiff attached for the package
diff -Nru ulfius-2.7.1/debian/changelog ulfius-2.7.1/debian/changelog --- ulfius-2.7.1/debian/changelog 2021-09-19 15:39:39.000000000 -0400 +++ ulfius-2.7.1/debian/changelog 2021-12-09 08:06:15.000000000 -0500 @@ -1,3 +1,9 @@ +ulfius (2.7.1-1+deb11u2) bullseye; urgency=medium + + * d/patches: Uses o_malloc instead of malloc (Closes: #1001384) + + -- Nicolas Mora <babelou...@debian.org> Thu, 09 Dec 2021 08:06:15 -0500 + ulfius (2.7.1-1+deb11u1) bullseye; urgency=medium * d/patches: Fix CVE-2021-40540 (Closes: #994763) diff -Nru ulfius-2.7.1/debian/patches/malloc.patch ulfius-2.7.1/debian/patches/malloc.patch --- ulfius-2.7.1/debian/patches/malloc.patch 1969-12-31 19:00:00.000000000 -0500 +++ ulfius-2.7.1/debian/patches/malloc.patch 2021-12-09 08:06:15.000000000 -0500 @@ -0,0 +1,34 @@ +Description: call malloc instead of o_malloc +Author: Harald Welte <lafo...@gnumonks.org> +Forwarded: not-needed +--- a/src/u_request.c ++++ b/src/u_request.c +@@ -143,7 +143,7 @@ + */ + static char * url_decode(const char * str) { + if (str != NULL) { +- char * pstr = (char*)str, * buf = malloc(strlen(str) + 1), * pbuf = buf; ++ char * pstr = (char*)str, * buf = o_malloc(strlen(str) + 1), * pbuf = buf; + while (* pstr) { + if (* pstr == '%') { + if (pstr[1] && pstr[2]) { +--- a/src/ulfius.c ++++ b/src/ulfius.c +@@ -1796,7 +1796,7 @@ + char * ulfius_url_encode(const char * str) { + char * pstr = (char*)str, * buf = NULL, * pbuf = NULL; + if (str != NULL) { +- buf = malloc(strlen(str) * 3 + 1); ++ buf = o_malloc(strlen(str) * 3 + 1); + if (buf != NULL) { + pbuf = buf; + while (* pstr) { +@@ -1830,7 +1830,7 @@ + char * ulfius_url_decode(const char * str) { + char * pstr = (char*)str, * buf = NULL, * pbuf = NULL; + if (str != NULL) { +- buf = malloc(strlen(str) + 1); ++ buf = o_malloc(strlen(str) + 1); + if (buf != NULL) { + pbuf = buf; + while (* pstr) { diff -Nru ulfius-2.7.1/debian/patches/series ulfius-2.7.1/debian/patches/series --- ulfius-2.7.1/debian/patches/series 2021-09-19 15:39:39.000000000 -0400 +++ ulfius-2.7.1/debian/patches/series 2021-12-09 08:06:15.000000000 -0500 @@ -1,3 +1,4 @@ +malloc.patch examples.patch doc.patch CVE-2021-40540.patch