diff --git a/debian/changelog b/debian/changelog
index 50bf1d2de4220654ef9eabab9d84ba2e1cb38a83..c885a97e545be6d2442d96342547a6ded0b6a979 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,11 @@
-tar (1.29b-2) UNRELEASED; urgency=medium
+tar (1.29b-1.1) unstable; urgency=medium
 
-  * add suggests tar-doc, closes: #856958
+  * Non-maintainer upload.
+  * CVE-2016-6321: Bypassing the extract path name.
+    When extracting, member names containing '..' components are skipped.
+    (Closes: #842339)
 
- -- Bdale Garbee <bdale@gag.com>  Tue, 07 Mar 2017 08:49:50 -0700
+ -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 30 Oct 2016 07:35:31 +0100
 
 tar (1.29b-1) unstable; urgency=medium
 
diff --git a/debian/control b/debian/control
index 71c9c7cdeffa257f0ecbb5cdabf8632e9ed91888..9440bd40ff8a9ec7d08c0d15f921b3b836b1d364 100644
--- a/debian/control
+++ b/debian/control
@@ -16,7 +16,7 @@ Essential: yes
 Conflicts: cpio (<= 2.4.2-38)
 Replaces: cpio (<< 2.4.2-39)
 Breaks: dpkg-dev (<< 1.14.26)
-Suggests: bzip2, ncompress, xz-utils, tar-scripts, tar-doc
+Suggests: bzip2, ncompress, xz-utils, tar-scripts
 Description: GNU version of the tar archiving utility
  Tar is a program for packaging a set of files as a single archive in tar
  format.  The function it performs is conceptually similar to cpio, and to
diff --git a/debian/patches/When-extracting-skip-.-members.patch b/debian/patches/When-extracting-skip-.-members.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b624137047f78969744b9563286a5e1ffd8e7619
--- /dev/null
+++ b/debian/patches/When-extracting-skip-.-members.patch
@@ -0,0 +1,33 @@
+Description: When extracting, skip ".." members (CVE-2016-6321)
+Origin: upstream,  http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
+Bug-Debian: https://bugs.debian.org/842339
+Forwarded: not-needed.
+Author: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
+Last-Update: 2016-10-30
+---
+ src/extract.c | 8 ++++++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -1629,12 +1629,20 @@ extract_archive (void)
+ {
+   char typeflag;
+   tar_extractor_t fun;
++  bool skip_dotdot_name;
+ 
+   fatal_exit_hook = extract_finish;
+ 
+   set_next_block_after (current_header);
+ 
++  skip_dotdot_name = (!absolute_names_option
++		      && contains_dot_dot (current_stat_info.orig_file_name));
++  if (skip_dotdot_name)
++    ERROR ((0, 0, _("%s: Member name contains '..'"),
++	    quotearg_colon (current_stat_info.orig_file_name)));
++
+   if (!current_stat_info.file_name[0]
++      || skip_dotdot_name
+       || (interactive_option
+ 	  && !confirm ("extract", current_stat_info.file_name)))
+     {
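Review bot: The new check in extract_archive tests `current_stat_info.orig_file_name` while the rest of the condition uses `current_stat_info.file_name`, and nothing in the hunk says why. A comment above the assignment, such as `/* Test the name as stored in the archive; file_name may already have been rewritten and no longer show the '..'. */`, would keep a later cleanup from moving the check to the wrong field; the reason is inferred from the two field names, so please confirm it against upstream. The guard is also skipped whenever `absolute_names_option` is set, which deserves a second comment line saying that '..' members are still extracted in that mode, so users unpacking untrusted archives know the protection is off there. In the patch header the diffstat lists only `src/extract.c | 8 ++++++++`, but the summary reads `2 files changed, 15 insertions(+), 1 deletion(-)`; either name the upstream file that was dropped from the backport or correct the summary, so an auditor can tell the security fix is complete. extract_archive's body continues past the end of the hunk.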
diff --git a/debian/patches/series b/debian/patches/series
index b7090e0d40a12d166252ca6048e4f63f7d19b439..7c899e5722472bcb27cec3e01ab268d4a6714e83 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 pristine-tar.diff
 listed03-linux-only
 rmt.8-header-wrong
+When-extracting-skip-.-members.patch