diff -Nru apt-1.0.1ubuntu2.17/apt-pkg/acquire-method.cc apt-1.0.1ubuntu2.19/apt-pkg/acquire-method.cc
--- apt-1.0.1ubuntu2.17/apt-pkg/acquire-method.cc 2014-09-29 22:23:17.000000000 +0000
+++ apt-1.0.1ubuntu2.19/apt-pkg/acquire-method.cc 2019-01-18 16:02:59.000000000 +0000
@@ -424,6 +424,12 @@
 * the worker will enqueue again later on to the right queue */
 void pkgAcqMethod::Redirect(const string &NewURI)
 {
+ if (NewURI.find_first_not_of(" !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~") != std::string::npos)
+ {
+ _error->Error("SECURITY: URL redirect target contains control characters, rejecting.");
+ Fail();
+ return;
+ }
 std::cout << "103 Redirect\nURI: " << Queue->Uri << "\n"
 << "New-URI: " << NewURI << "\n"
 << "\n" << std::flush;
diff -Nru apt-1.0.1ubuntu2.17/apt-pkg/contrib/fileutl.cc apt-1.0.1ubuntu2.19/apt-pkg/contrib/fileutl.cc
--- apt-1.0.1ubuntu2.17/apt-pkg/contrib/fileutl.cc 2016-03-06 18:58:53.000000000 +0000
+++ apt-1.0.1ubuntu2.19/apt-pkg/contrib/fileutl.cc 2018-04-09 13:30:15.000000000 +0000
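Review bot: The 95-character allowlist literal in the new guard at the top of `pkgAcqMethod::Redirect` (apt-pkg/acquire-method.cc) is hard to audit by eye, and the error text says "control characters" although the test also rejects DEL and every byte above 0x7E. A comment above the `if`, for example `// Only printable ASCII (0x20-0x7E) may reach the line-based 103 message; a CR/LF in NewURI would add fields to it`, would record what the literal is meant to cover and why. Only `NewURI` is validated here; whether other remotely influenced values written to the parent in other message types need the same guard cannot be judged from this hunk. The function body continues past the hunk's last context line.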
@@ -781,11 +781,26 @@
 signal(SIGCONT,SIG_DFL);
 signal(SIGTSTP,SIG_DFL);
- // Close all of our FDs - just in case
- for (int K = 3; K != sysconf(_SC_OPEN_MAX); K++)
+ DIR *dir = opendir("/proc/self/fd");
+ if (dir != NULL)
 {
- if(KeepFDs.find(K) == KeepFDs.end())
- fcntl(K,F_SETFD,FD_CLOEXEC);
+ struct dirent *ent;
+ while ((ent = readdir(dir)))
+ {
+ int fd = atoi(ent->d_name);
+ // If fd > 0, it was a fd number and not . or ..
+ if (fd >= 3 && KeepFDs.find(fd) == KeepFDs.end())
+ fcntl(fd,F_SETFD,FD_CLOEXEC);
+ }
+ closedir(dir);
+ } else {
+ long ScOpenMax = sysconf(_SC_OPEN_MAX);
+ // Close all of our FDs - just in case
+ for (int K = 3; K != ScOpenMax; K++)
+ {
+ if(KeepFDs.find(K) == KeepFDs.end())
+ fcntl(K,F_SETFD,FD_CLOEXEC);
+ }
 }
 }
diff -Nru apt-1.0.1ubuntu2.17/debian/changelog apt-1.0.1ubuntu2.19/debian/changelog
--- apt-1.0.1ubuntu2.17/debian/changelog 2016-12-08 15:20:00.000000000 +0000
+++ apt-1.0.1ubuntu2.19/debian/changelog 2019-01-18 16:02:59.000000000 +0000
@@ -1,3 +1,17 @@
+apt (1.0.1ubuntu2.19) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
+ (LP: #1812353)
+
+ -- Julian Andres Klode Fri, 18 Jan 2019 16:35:08 +0100
+
+apt (1.0.1ubuntu2.18) trusty; urgency=medium
+
+ * ExecFork: Use /proc/self/fd to determine which files to close
+ (Closes: #764204) (LP: #1332440).
+
+ -- Julian Andres Klode Mon, 09 Apr 2018 15:32:09 +0200
+
 apt (1.0.1ubuntu2.17) trusty-security; urgency=high
 * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
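Review bot: In the apt-pkg/contrib/fileutl.cc hunk the fallback loop still ends on `K != ScOpenMax`, so if `sysconf(_SC_OPEN_MAX)` returns -1 or any value below 3 the end condition is never met and `K` runs into signed overflow; `for (int K = 3; K < ScOpenMax; K++)` terminates in those cases. In the `/proc/self/fd` branch the comment says `fd > 0` while the code tests `fd >= 3`, and `atoi` reports no parse errors, so a comment such as `// "." and ".." parse as 0 and are skipped by the fd >= 3 test` would match what the code does. The enclosing function starts before the hunk, so the type of `KeepFDs` and the code after the closing braces are not visible here.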