diff --git a/debian/patches/series b/debian/patches/series
index e44d1396b..f0b3c08ee 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,7 +16,9 @@ upstream/0006-textops-fix-append_body_part.patch
 upstream/core-new-internal-msg-flag-added-FL_RR_ADDED.patch
 upstream/rr-use-internal-msg-flags-to-mark-a-request-with-rec.patch
 # 4.1 upstream fixes
-#
+upstream/0001-sqlops-fix-column-index-for-sqlops_is_null.patch
+upstream/0002-sqlops-fix-use-after-free-by-deep-copying-result-nam.patch
+upstream/0003-modules-nathelper-don-t-include-enclosing-bracket-in.patch
 # fixes from master that are not in 4.2
 upstream/0012-tm-handle-BRANCH_FAILURE_ROUTE-in-t_check_trans-test.patch
 #
diff --git a/debian/patches/upstream/0001-sqlops-fix-column-index-for-sqlops_is_null.patch b/debian/patches/upstream/0001-sqlops-fix-column-index-for-sqlops_is_null.patch
new file mode 100644
index 000000000..0166db75c
--- /dev/null
+++ b/debian/patches/upstream/0001-sqlops-fix-column-index-for-sqlops_is_null.patch
@@ -0,0 +1,29 @@
+From 0c8419e3ef8137b443978195f0dfd975578afcff Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla
+Date: Wed, 18 Mar 2015 18:36:37 +0100
+Subject: [PATCH] sqlops: fix column index for sqlops_is_null()
+
+- report and patch by Mihaly Zachar
+
+(cherry picked from commit 768dc8b566e2af04411570ef7b4d55a210a1927d)
+(cherry picked from commit 6614c8e78ac9cb5add92aff0db2d3a24dbc65423)
+---
+ modules/sqlops/sql_api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/sqlops/sql_api.c b/modules/sqlops/sql_api.c
+index bbf86c8..2781069 100644
+--- a/modules/sqlops/sql_api.c
++++ b/modules/sqlops/sql_api.c
+@@ -743,7 +743,7 @@ int sqlops_is_null(str *sres, int i, int j)
+ LM_ERR("row index out of bounds [%d/%d]\n", i, res->nrows);
+ goto error;
+ }
+- if(i>=res->ncols)
++ if(j>=res->ncols)
+ {
+ LM_ERR("column index out of bounds [%d/%d]\n", j, res->ncols);
+ goto error;
+--
+2.1.4
+
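Review bot: The corrected bound check `if(j>=res->ncols)` still lets a negative column index through, because `int j` is only compared upward against `res->ncols`, and the row check on `i` visible just above has the same gap. Unless the start of `sqlops_is_null()` — which lies outside the hunk — already rejects negative values, `if(j<0 || j>=res->ncols)` (and `if(i<0 || i>=res->nrows)` for the row) closes that hole before the indices are used. The place where `i` and `j` actually index the result is also outside the hunk, so that is the part to confirm.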
diff --git a/debian/patches/upstream/0002-sqlops-fix-use-after-free-by-deep-copying-result-nam.patch b/debian/patches/upstream/0002-sqlops-fix-use-after-free-by-deep-copying-result-nam.patch
new file mode 100644
index 000000000..8db56941d
--- /dev/null
+++ b/debian/patches/upstream/0002-sqlops-fix-use-after-free-by-deep-copying-result-nam.patch
@@ -0,0 +1,47 @@
+From 59f3fa679d35d64db42037ef862bb8a1c4c12cb7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
+Date: Mon, 9 Mar 2015 16:30:53 +0200
+Subject: [PATCH] sqlops: fix use-after-free by deep copying result name
+
+When creating a new result handle, deep copy the result name.
+Otherwise we might end up accessing the name after it's freed.
+
+(cherry picked from commit 6e2604464e64cfaaf1e0327228f53f4787b69470)
+---
+ modules/sqlops/sql_api.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/modules/sqlops/sql_api.c b/modules/sqlops/sql_api.c
+index 2781069..25c25f7 100644
+--- a/modules/sqlops/sql_api.c
++++ b/modules/sqlops/sql_api.c
+@@ -199,14 +199,16 @@ sql_result_t* sql_get_result(str *name)
+ return sr;
+ sr = sr->next;
+ }
+- sr = (sql_result_t*)pkg_malloc(sizeof(sql_result_t));
++ sr = (sql_result_t*)pkg_malloc(sizeof(sql_result_t) + name->len);
+ if(sr==NULL)
+ {
+ LM_ERR("no pkg memory\n");
+ return NULL;
+ }
+ memset(sr, 0, sizeof(sql_result_t));
+- sr->name = *name;
++ memcpy(sr+1, name->s, name->len);
++ sr->name.s = (char *)(sr + 1);
++ sr->name.len = name->len;
+ sr->resid = resid;
+ sr->next = _sql_result_root;
+ _sql_result_root = sr;
+@@ -665,6 +667,7 @@ void sql_destroy(void)
+ pkg_free(r);
+ r = r0;
+ }
++ _sql_result_root = NULL;
+ }
+
+ /**
+--
+2.1.4
+
diff --git a/debian/patches/upstream/0003-modules-nathelper-don-t-include-enclosing-bracket-in.patch b/debian/patches/upstream/0003-modules-nathelper-don-t-include-enclosing-bracket-in.patch
new file mode 100644
index 000000000..4ce968e9a
--- /dev/null
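Review bot: The inline copy made by `memcpy(sr+1, name->s, name->len)` stores the name without a terminating NUL, so `sr->name.s` is only safe with length-aware `str` consumers; any later use through a C-string API (`%s`, `strcmp`, `strlen`) would read past the allocation. Allocating `sizeof(sql_result_t) + name->len + 1` and adding `sr->name.s[name->len] = '\0';` after the memcpy removes that trap for one extra byte. A comment next to `sr->name.s = (char *)(sr + 1);` such as `/* name lives inline after the struct, so pkg_free(sr) releases both */` would also record why `sql_destroy()` needs no separate free for the name. The lookup loop that compares names at the top of `sql_get_result()` and the other readers of `sr->name` are outside the hunk, so whether every consumer is length-aware cannot be confirmed from here.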
+++ b/debian/patches/upstream/0003-modules-nathelper-don-t-include-enclosing-bracket-in.patch
@@ -0,0 +1,29 @@
+From 64e265981b78eaa88727c9bed33a550348fd9b4b Mon Sep 17 00:00:00 2001
+From: Federico Cabiddu
+Date: Sat, 9 May 2015 18:16:28 +0200
+Subject: [PATCH] modules/nathelper: don't include enclosing bracket in contact
+ uri in set_contact_alias
+
+(cherry picked from commit b525ada2d12bf85c385a5f97859afd5d52405354)
+---
+ modules/nathelper/nathelper.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/modules/nathelper/nathelper.c b/modules/nathelper/nathelper.c
+index 8d8c897..efa29c0 100644
+--- a/modules/nathelper/nathelper.c
++++ b/modules/nathelper/nathelper.c
+@@ -929,8 +929,8 @@ set_contact_alias_f(struct sip_msg* msg, char* str1, char* str2)
+ pkg_free(buf);
+ return -1;
+ }
+- c->uri.s = buf;
+- c->uri.len = len;
++ c->uri.s = buf + br;
++ c->uri.len = len -2*br;
+
+ return 1;
+ }
+--
+2.1.4
+
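Review bot: After this change `c->uri.s` is an interior pointer into `buf` (`buf + br`) while the error path two lines up still frees `buf` itself, so whatever owns the allocation on the success path — presumably the lump set up just above, outside the hunk — must keep releasing `buf` and never `c->uri.s`, and nothing may later assume `c->uri.s` is a free-able pointer. A one-line comment above the assignment would make that contract explicit, e.g. `/* skip the enclosing '<' (br is assumed 0/1 for absent/present brackets); buf itself stays owned by the lump */`, hedged because the place where `br` is computed is not visible here. Minor style: `len -2*br` reads more clearly as `len - 2 * br`. The start of `set_contact_alias_f()` lies outside the hunk.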