diff -Nru libwebp-0.1.3/debian/changelog libwebp-0.1.3/debian/changelog
--- libwebp-0.1.3/debian/changelog	2012-02-22 15:06:33.000000000 -0500
+++ libwebp-0.1.3/debian/changelog	2013-04-02 23:29:46.000000000 -0400
@@ -1,3 +1,10 @@
+libwebp (0.1.3-3+nmu1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix cve-2012-5127: integer overflows in src/dec/webp.c (closes: #704573).
+
+ -- Michael Gilbert <mgilbert@debian.org>  Wed, 03 Apr 2013 02:54:20 +0000
+
 libwebp (0.1.3-3)  unstable; urgency=low
 
   * Close dependency bug fixed in last update (closes: #657896)
diff -Nru libwebp-0.1.3/debian/patches/cve-2012-5127.patch libwebp-0.1.3/debian/patches/cve-2012-5127.patch
--- libwebp-0.1.3/debian/patches/cve-2012-5127.patch	1969-12-31 19:00:00.000000000 -0500
+++ libwebp-0.1.3/debian/patches/cve-2012-5127.patch	2013-04-02 23:29:46.000000000 -0400
@@ -0,0 +1,40 @@
+Description: Fix integer overflow issues
+Author: Michael Gilbert <mgilbert@debian.org>
+
+Index: libwebp-0.1.3/src/dec/webp.c
+===================================================================
+--- libwebp-0.1.3.orig/src/dec/webp.c	2013-04-03 03:23:08.737492443 +0000
++++ libwebp-0.1.3/src/dec/webp.c	2013-04-03 03:29:37.057489091 +0000
+@@ -58,6 +58,9 @@
+       if (*riff_size < TAG_SIZE + CHUNK_HEADER_SIZE) {
+         return VP8_STATUS_BITSTREAM_ERROR;
+       }
++      if (*riff_size > MAX_CHUNK_PAYLOAD) {
++        return VP8_STATUS_BITSTREAM_ERROR;
++      }
+       // We have a RIFF container. Skip it.
+       *data += RIFF_HEADER_SIZE;
+       *data_size -= RIFF_HEADER_SIZE;
+@@ -83,6 +86,9 @@
+ 
+   if (!memcmp(*data, "VP8X", TAG_SIZE)) {
+     const uint32_t chunk_size = get_le32(*data + TAG_SIZE);
++    if (chunk_size > MAX_CHUNK_PAYLOAD) {
++      return VP8_STATUS_BITSTREAM_ERROR;  // Not a valid chunk size.
++    }
+     if (chunk_size != VP8X_CHUNK_SIZE) {
+       return VP8_STATUS_BITSTREAM_ERROR;  // Wrong chunk size.
+     }
+Index: libwebp-0.1.3/src/dec/webpi.h
+===================================================================
+--- libwebp-0.1.3.orig/src/dec/webpi.h	2013-04-03 03:23:08.737492443 +0000
++++ libwebp-0.1.3/src/dec/webpi.h	2013-04-03 03:23:08.721492443 +0000
+@@ -69,6 +69,8 @@
+ #define VP8X_CHUNK_SIZE 12
+ #define VP8_FRAME_HEADER_SIZE 10  // Size of the frame header within VP8 data.
+ 
++#define MAX_CHUNK_PAYLOAD (~0U - CHUNK_HEADER_SIZE - 1)
++
+ // Validates the RIFF container (if detected) and skips over it.
+ // If a RIFF container is detected,
+ // Returns VP8_STATUS_BITSTREAM_ERROR for invalid header, and
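Review bot: In the embedded webp.c hunk at `-83,6`, the added `chunk_size > MAX_CHUNK_PAYLOAD` guard is subsumed by the `chunk_size != VP8X_CHUNK_SIZE` test directly below it (`VP8X_CHUNK_SIZE` is 12 in webpi.h), which already returns the same error, so the only new bound that actually changes behaviour is the one on `*riff_size` at `-58,6`. Both enclosing functions start and end outside the quoted context, so any other 32-bit size that is read from the stream and later added to a header length or used to advance `*data` is not visible here and should be confirmed to be bounded as well. In webpi.h, `~0U` ties the limit to the width of `unsigned int` while `chunk_size` is a `uint32_t`; `#define MAX_CHUNK_PAYLOAD (0xffffffffu - CHUNK_HEADER_SIZE - 1)` keeps the bound at 32 bits on every target. The macro also deserves a one-line comment stating what the `- CHUNK_HEADER_SIZE - 1` margin protects, presumably that adding the chunk header and a padding byte to a payload size cannot wrap.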
diff -Nru libwebp-0.1.3/debian/patches/series libwebp-0.1.3/debian/patches/series
--- libwebp-0.1.3/debian/patches/series	1969-12-31 19:00:00.000000000 -0500
+++ libwebp-0.1.3/debian/patches/series	2013-04-02 23:29:46.000000000 -0400
@@ -0,0 +1 @@
+cve-2012-5127.patch
