diff -u libxerces2-java-2.9.1/debian/changelog libxerces2-java-2.9.1/debian/changelog
--- libxerces2-java-2.9.1/debian/changelog
+++ libxerces2-java-2.9.1/debian/changelog
@@ -1,3 +1,11 @@
+libxerces2-java (2.9.1-4.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fixed CVE-2009-2625: denial of service (infinite loop and application hang)
+    via malformed XML input (Closes: #548358)
+
+ -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 29 Jan 2010 11:19:09 +0100
+
 libxerces2-java (2.9.1-4) unstable; urgency=low
 
   * Upload to unstable.
only in patch2:
unchanged:
--- libxerces2-java-2.9.1.orig/debian/patches/04_CVE-2009-2625.patch
+++ libxerces2-java-2.9.1/debian/patches/04_CVE-2009-2625.patch
@@ -0,0 +1,20 @@
+CVE-2009-2625
+diff --git a/src/org/apache/xerces/impl/XMLScanner.java b/src/org/apache/xerces/impl/XMLScanner.java
+index a64ce11..1abca0e 100644
+--- a/src/org/apache/xerces/impl/XMLScanner.java
++++ b/src/org/apache/xerces/impl/XMLScanner.java
+@@ -1027,6 +1027,14 @@ public abstract class XMLScanner
+                     if (XMLChar.isMarkup(c) || c == ']') {
+                         fStringBuffer.append((char)fEntityScanner.scanChar());
+                     }
++                    else if (XMLChar.isHighSurrogate(c)) {
++                        scanSurrogates(fStringBuffer);
++                    }
++                    else if (isInvalidLiteral(c)) {
++                        reportFatalError("InvalidCharInSystemID",
++                                new Object[] { Integer.toHexString(c) }); 
++                        fEntityScanner.scanChar();
++                    }
+                 } while (fEntityScanner.scanLiteral(quote, ident) != quote);
+                 fStringBuffer.append(ident);
+                 ident = fStringBuffer;