diff -Nru libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog
--- libxml2-2.7.8.dfsg/debian/changelog	2012-04-23 05:46:59.000000000 -0400
+++ libxml2-2.7.8.dfsg/debian/changelog	2012-05-23 13:49:58.000000000 -0400
@@ -1,3 +1,11 @@
+libxml2 (2.7.8.dfsg-9.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix cve-2012-3102: off by one poinnter access in xpointer.c 
+    (closes: #674191).
+
+ -- Michael Gilbert <mgilbert@debian.org>  Wed, 23 May 2012 13:48:52 -0400
+
 libxml2 (2.7.8.dfsg-9) unstable; urgency=low
 
   * Multi-Arch ready. (Closes: #643026)
diff -Nru libxml2-2.7.8.dfsg/debian/patches/cve-2012-3102.patch libxml2-2.7.8.dfsg/debian/patches/cve-2012-3102.patch
--- libxml2-2.7.8.dfsg/debian/patches/cve-2012-3102.patch	1969-12-31 19:00:00.000000000 -0500
+++ libxml2-2.7.8.dfsg/debian/patches/cve-2012-3102.patch	2012-05-23 13:50:52.000000000 -0400
@@ -0,0 +1,39 @@
+From d8e1faeaa99c7a7c07af01c1c72de352eb590a3e Mon Sep 17 00:00:00 2001
+From: Jüri Aedla <asd@ut.ee>
+Date: Mon, 07 May 2012 07:06:56 +0000
+Subject: Fix an off by one pointer access
+
+getting out of the range of memory allocated for xpointer decoding
+---
+diff --git a/xpointer.c b/xpointer.c
+index 37afa3a..0b463dd 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -1007,21 +1007,14 @@ xmlXPtrEvalXPtrPart(xmlXPathParserContextPtr ctxt, xmlChar *name) {
+ 		NEXT;
+ 		break;
+ 	    }
+-	    *cur++ = CUR;
+ 	} else if (CUR == '(') {
+ 	    level++;
+-	    *cur++ = CUR;
+ 	} else if (CUR == '^') {
+-	    NEXT;
+-	    if ((CUR == ')') || (CUR == '(') || (CUR == '^')) {
+-		*cur++ = CUR;
+-	    } else {
+-		*cur++ = '^';
+-		*cur++ = CUR;
+-	    }
+-	} else {
+-	    *cur++ = CUR;
++            if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) {
++                NEXT;
++            }
+ 	}
++        *cur++ = CUR;
+ 	NEXT;
+     }
+     *cur = 0;
+--
+cgit v0.9.0.2
diff -Nru libxml2-2.7.8.dfsg/debian/patches/series libxml2-2.7.8.dfsg/debian/patches/series
--- libxml2-2.7.8.dfsg/debian/patches/series	2012-04-22 12:24:00.000000000 -0400
+++ libxml2-2.7.8.dfsg/debian/patches/series	2012-05-23 13:51:41.000000000 -0400
@@ -1 +1,2 @@
 01_historical_changes.patch
+cve-2012-3102.patch