--- gnome-xcf-thumbnailer-1.0.orig/debian/changelog
+++ gnome-xcf-thumbnailer-1.0/debian/changelog
@@ -0,0 +1,14 @@
+gnome-xcf-thumbnailer (1.0-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload by the Security Team
+ * Fix CVE-2010-0217 in the embedded code copy of xcftools, well spotted
+ by Silvio Cesare. Patch by Henning Makholm (Closes: #601735)
+
+ -- Moritz Muehlenhoff Thu, 04 Nov 2010 18:32:11 +0100
+
+gnome-xcf-thumbnailer (1.0-1) unstable; urgency=low
+
+ * Initial packaging.
+
+ -- Ross Burton Fri, 02 May 2008 11:03:40 +0100
+
--- gnome-xcf-thumbnailer-1.0.orig/debian/compat
+++ gnome-xcf-thumbnailer-1.0/debian/compat
@@ -0,0 +1 @@
+5
--- gnome-xcf-thumbnailer-1.0.orig/debian/copyright
+++ gnome-xcf-thumbnailer-1.0/debian/copyright
@@ -0,0 +1,27 @@
+This package was debianized by Ross Burton on Fri, 02 May 2008
+10:11:14 +0100
+
+It was downloaded from http://download.gnome.org/sources/gnome-xcf-thumbnailer
+
+Copyright:
+
+ Copyright (C) 2008 Bastien Nocera ,
+ Henning Makholm
+
+License:
+
+ This package is free software; you can redistribute it and/or modify it under
+ the terms of the GNU General Public License as published by the Free Software
+ Foundation; version 2 dated June, 1991.
+
+ This package is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ details.
+
+ You should have received a copy of the GNU General Public License along with
+ this package; if not, write to the Free Software Foundation, Inc., 51
+ Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+On Debian systems, the complete text of the GNU General Public License can be
+found in `/usr/share/common-licenses/GPL-2'.
--- gnome-xcf-thumbnailer-1.0.orig/debian/control
+++ gnome-xcf-thumbnailer-1.0/debian/control
@@ -0,0 +1,12 @@
+Source: gnome-xcf-thumbnailer
+Section: gnome
+Priority: optional
+Maintainer: Ross Burton
+Build-Depends: debhelper (>> 5.0.0), cdbs (>= 0.4.30), libpng12-dev, libglib2.0-dev (>= 2.16), gconf2
+Standards-Version: 3.7.3
+
+Package: gnome-xcf-thumbnailer
+Architecture: any
+Depends: ${shlibs:Depends}, gconf2
+Description: GNOME thumbnailer for GIMP XCF files.
+ A GNOME thumbnailer for GIMP XCF files.
--- gnome-xcf-thumbnailer-1.0.orig/debian/rules
+++ gnome-xcf-thumbnailer-1.0/debian/rules
@@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/gnome.mk
+include /usr/share/cdbs/1/rules/simple-patchsys.mk
+
+export LDFLAGS += -Wl,--as-needed
--- gnome-xcf-thumbnailer-1.0.orig/debian/patches/no-popt.patch
+++ gnome-xcf-thumbnailer-1.0/debian/patches/no-popt.patch
@@ -0,0 +1,22 @@
+--- Makefile.am~ 2008-05-01 17:45:49.000000000 +0100
++++ Makefile.am 2008-05-08 19:39:04.000000000 +0100
+@@ -18,7 +18,7 @@
+
+ gnome_xcf_thumbnailer_CPPFLAGS = $(LIBPNG_CFLAGS) $(GIO_CFLAGS) -DOPTSTRING=\"h\"
+
+-gnome_xcf_thumbnailer_LDADD = $(LIBPNG_LIBS) $(GIO_LIBS) -lpopt
++gnome_xcf_thumbnailer_LDADD = $(LIBPNG_LIBS) $(GIO_LIBS)
+
+
+ schemasdir = $(GCONF_SCHEMA_FILE_DIR)
+--- Makefile.in~ 2008-05-01 17:45:51.000000000 +0100
++++ Makefile.in 2008-05-08 19:38:59.000000000 +0100
+@@ -204,7 +204,7 @@
+ options.i xcf2png.oi
+
+ gnome_xcf_thumbnailer_CPPFLAGS = $(LIBPNG_CFLAGS) $(GIO_CFLAGS) -DOPTSTRING=\"h\"
+-gnome_xcf_thumbnailer_LDADD = $(LIBPNG_LIBS) $(GIO_LIBS) -lpopt
++gnome_xcf_thumbnailer_LDADD = $(LIBPNG_LIBS) $(GIO_LIBS)
+ schemasdir = $(GCONF_SCHEMA_FILE_DIR)
+ schemas_in_files = gnome-xcf-thumbnailer.schemas.in
+ schemas_DATA = gnome-xcf-thumbnailer.schemas
--- gnome-xcf-thumbnailer-1.0.orig/debian/patches/CVE-2009-0217.patch
+++ gnome-xcf-thumbnailer-1.0/debian/patches/CVE-2009-0217.patch
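Review bot: The binary stanza's `Depends: ${shlibs:Depends}, gconf2` omits the `${misc:Depends}` substvar, so any dependency debhelper computes for this package (the gconf schema handling pulled in by cdbs's gnome class is the likely candidate here, though that is inferred) is silently dropped from the built package; the usual form is `Depends: ${shlibs:Depends}, ${misc:Depends}, gconf2`. As a smaller style point, the short synopsis `Description: GNOME thumbnailer for GIMP XCF files.` ends with a period, which Debian policy wording for the synopsis line discourages. The long description merely repeats the synopsis; a sentence saying that the thumbnailer runs automatically on XCF files the file manager displays would tell an admin what is actually installed.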
@@ -0,0 +1,20 @@
+diff -ur xcftools-1.0.4-orig/flatspec.c xcftools-1.0.4/flatspec.c
+--- xcftools-1.0.4-orig/flatspec.c 2006-02-22 01:38:49.000000000 +0100
++++ flatspec.c 2009-07-03 22:32:55.000000000 +0200
+@@ -210,7 +210,15 @@
+ }
+ }
+ computeDimensions(&spec->dim);
+-
++
++ /* We can't handle negative coordinates properly, so abort rather than
++ * crash chaotically. See CVE-2009-217; Debian bug #533361.
++ */
++ if( spec->dim.c.t < 0 || spec->dim.c.l < 0 ) {
++ FatalUnsupportedXCF("This version cannot extract pixels above or to the "
++ "left of the canvas");
++ }
++
+ /* Turn off layers that we don't hit at all */
+ for( i=0; inumLayers; i++ )
+ if( spec->layers[i].isVisible &&
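Review bot: The CVE identifier is written three different ways in this upload — the changelog hunk at the top of the diff says CVE-2010-0217, this patch file is named CVE-2009-0217.patch, and the comment it adds, `++ * crash chaotically. See CVE-2009-217; Debian bug #533361.`, cites CVE-2009-217 — so at most one of them is the identifier the advisory actually uses, and the security tracker, debsecan and anyone auditing the embedded xcftools copy key on that exact string; settle on one and make the changelog, the file name and the comment agree. The context line `+ for( i=0; inumLayers; i++ )` also looks mangled (a `<spec->` fragment appears to be missing, most likely lost when the page was rendered); if that is the real content of the patch file, `patch` will reject the hunk on a context mismatch and simple-patchsys will fail the build, so confirm the file applies cleanly before upload. The added check only refuses images whose computed bounds extend above or to the left of the canvas (`spec->dim.c.t < 0 || spec->dim.c.l < 0`) via FatalUnsupportedXCF, turning the reported crash into a clean abort rather than rendering such files, which is a reasonable trade for a thumbnailer but worth one line in the changelog so users know those XCF files will simply get no thumbnail. The flatspec.c function being patched starts and ends outside this hunk.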