diff -Nru libproxy-0.3.1/debian/changelog libproxy-0.3.1/debian/changelog
--- libproxy-0.3.1/debian/changelog	2012-05-18 15:12:37.000000000 -0400
+++ libproxy-0.3.1/debian/changelog	2012-10-27 04:53:47.000000000 -0400
@@ -1,3 +1,10 @@
+libproxy (0.3.1-5.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix cve-2012-4505: buffer overflow in lib/pac.c (closes: #690376).
+
+ -- Michael Gilbert <mgilbert@debian.org>  Sat, 27 Oct 2012 04:44:22 -0400
+
 libproxy (0.3.1-5) unstable; urgency=low
 
   [ Kees Cook ]
diff -Nru libproxy-0.3.1/debian/patches/cve-2012-4505.patch libproxy-0.3.1/debian/patches/cve-2012-4505.patch
--- libproxy-0.3.1/debian/patches/cve-2012-4505.patch	1969-12-31 19:00:00.000000000 -0500
+++ libproxy-0.3.1/debian/patches/cve-2012-4505.patch	2012-10-27 04:46:29.000000000 -0400
@@ -0,0 +1,33 @@
+Index: libproxy-0.3.1/src/lib/pac.c
+===================================================================
+--- libproxy-0.3.1.orig/src/lib/pac.c	2012-10-27 04:37:44.000000000 -0400
++++ libproxy-0.3.1/src/lib/pac.c	2012-10-27 04:46:25.932719469 -0400
+@@ -36,6 +36,9 @@
+ 
+ #define PAC_MIME_TYPE "application/x-ns-proxy-autoconfig"
+ 
++// This is the maximum pac size (to avoid memory attacks)
++#define PAC_MAX_SIZE 102400
++
+ /**
+  * ProxyAutoConfig object.  All fields are private.
+  */
+@@ -160,12 +163,15 @@
+ 		}
+ 
+ 		/* Get content */
+-		if (!content_length || !correct_mime_type) goto error;
++		if (content_length == 0 || content_length > PAC_MAX_SIZE || !correct_mime_type) goto error;
+ 		px_free(line); line = NULL;
+ 		px_free(self->cache);
+ 		self->cache = px_malloc0(content_length+1);
+-		for (int recvd=0 ; recvd != content_length ; )
+-			recvd += recv(sock, self->cache + recvd, content_length - recvd, 0);
++		for (int recvd=0 ; recvd != content_length ; ) {
++			int r = recv(sock, self->cache + recvd, content_length - recvd, 0);
++			if (r <= 0) goto error;
++			recvd += r;
++		}
+ 	}
+ 	else
+ 	{ /* file:// url */
diff -Nru libproxy-0.3.1/debian/patches/series libproxy-0.3.1/debian/patches/series
--- libproxy-0.3.1/debian/patches/series	2011-10-24 19:39:24.000000000 -0400
+++ libproxy-0.3.1/debian/patches/series	2012-10-27 04:46:54.000000000 -0400
@@ -1,3 +1,4 @@
 01_pac_http.patch
 02_url_user.patch
 03_format-security.patch
+cve-2012-4505.patch
