diff --git a/debian/changelog b/debian/changelog
index 665a3ebfa..fc7015214 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -30,7 +30,11 @@ linux-2.6 (2.6.17-1) UNRELEASED; urgency=low
   * [ia64] Update configs
   * [ia64] Use gcc 4.1.
 
- -- Bastian Blank <waldi@debian.org>  Tue, 20 Jun 2006 14:50:12 +0200
+  [ maximilian attems ]
+  * Add stable release 2.6.17.1:
+    - xt_sctp: fix endless loop caused by 0 chunk length (CVE-2006-3085)
+
+ -- maximilian attems <maks@sternwelten.at>  Tue, 20 Jun 2006 19:34:18 +0200
 
 linux-2.6 (2.6.16+2.6.17-rc3-0experimental.1) experimental; urgency=low
 
diff --git a/debian/patches/2.6.17.1 b/debian/patches/2.6.17.1
new file mode 100644
index 000000000..de9f97313
--- /dev/null
+++ b/debian/patches/2.6.17.1
@@ -0,0 +1,13 @@
+diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
+index 34bd872..c29692c 100644
+--- a/net/netfilter/xt_sctp.c
++++ b/net/netfilter/xt_sctp.c
+@@ -62,7 +62,7 @@ #endif
+ 
+ 	do {
+ 		sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);
+-		if (sch == NULL) {
++		if (sch == NULL || sch->length == 0) {
+ 			duprintf("Dropping invalid SCTP packet.\n");
+ 			*hotdrop = 1;
+ 			return 0;
diff --git a/debian/patches/series/1 b/debian/patches/series/1
index 0d93e6a39..9b0233b59 100644
--- a/debian/patches/series/1
+++ b/debian/patches/series/1
@@ -24,3 +24,4 @@
 + s390-drivers-ccw-uevent-cleanup.patch
 + mips-sb1-duart-tts.patch
 #FIXME + powerpc-mkvmlinuz-support-2.patch
++ 2.6.17.1