diff -u pango1.0-1.20.5/debian/changelog pango1.0-1.20.5/debian/changelog
--- pango1.0-1.20.5/debian/changelog
+++ pango1.0-1.20.5/debian/changelog
@@ -1,3 +1,13 @@
+pango1.0 (1.20.5-5+lenny1) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2010-0421: improper input sanitization, leading to array indexing
+ error, in the way Pango font rendering library synthesized Glyph Definition
+ Table (GDEF) from the font's character map and the Unicode property
+ database. (Closes: #574021)
+
+ -- Giuseppe Iuculano Thu, 18 Mar 2010 15:18:06 +0100
+
 pango1.0 (1.20.5-5) stable; urgency=low
 
 * Merge changes from the 1.20.5-3+lenny1 security upload by Steffen
diff -u pango1.0-1.20.5/debian/patches/series pango1.0-1.20.5/debian/patches/series
--- pango1.0-1.20.5/debian/patches/series
+++ pango1.0-1.20.5/debian/patches/series
@@ -8,0 +9 @@
+CVE-2010-0421.patch
only in patch2:
unchanged:
--- pango1.0-1.20.5.orig/debian/patches/CVE-2010-0421.patch
+++ pango1.0-1.20.5/debian/patches/CVE-2010-0421.patch
@@ -0,0 +1,32 @@
+CVE-2010-0421
+--- a/pango/opentype/harfbuzz-gdef.c
++++ b/pango/opentype/harfbuzz-gdef.c
+@@ -923,7 +923,7 @@ HB_Error HB_GDEF_Build_ClassDefinition(
+ goto Fail1;
+ }
+
+- if ( gcrr[count - 1].End != num_glyphs - 1 )
++ if ( gcrr[count - 1].End + 1 < num_glyphs )
+ {
+ if ( ALLOC_ARRAY( ngc[count],
+ ( num_glyphs - gcrr[count - 1].End + 2 ) / 4,
+@@ -938,7 +938,9 @@ HB_Error HB_GDEF_Build_ClassDefinition(
+ HB_UShort ) )
+ goto Fail2;
+ }
+-
++ else
++ num_glyphs = 1;
++
+ gdef->LastGlyph = num_glyphs - 1;
+
+ gdef->MarkAttachClassDef_offset = 0L;
+@@ -996,6 +998,8 @@ _HB_GDEF_Add_Glyph_Property( HB_GDEFHead
+ HB_ClassRangeRecord* gcrr;
+ HB_UShort** ngc;
+
++ if ( glyphID >= gdef->LastGlyph )
++ return 0;
+
+ error = _HB_OPEN_Get_Class( &gdef->GlyphClassDef, glyphID, &class, &index );
+ if ( error && error != HB_Err_Not_Covered )
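Review bot: In the second harfbuzz-gdef.c hunk the new `else num_glyphs = 1;` also runs for the well-formed case where `gcrr[count - 1].End + 1 == num_glyphs`, so `gdef->LastGlyph` becomes 0 there and the guard added in `_HB_GDEF_Add_Glyph_Property` (`glyphID >= gdef->LastGlyph`) returns 0 for every glyph ID. That fails safe for the out-of-range index this upload fixes, but it appears to turn property assignment into a silent no-op for such fonts, and the sentinel value is unexplained; I would add a comment above the `else`, e.g. `/* last range reaches or passes num_glyphs: no trailing ngc[] array is allocated, so force LastGlyph to 0 and let _HB_GDEF_Add_Glyph_Property reject all glyph IDs */`. Because the guard uses `>=`, the glyph equal to `LastGlyph` is rejected as well, which may be deliberate but should be stated in a comment next to the check. Both function bodies continue outside the hunks, so whether `return 0` is the success code callers expect could not be confirmed from here.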