diff -Nru gst-plugins-base0.10-0.10.36/debian/changelog gst-plugins-base0.10-0.10.36/debian/changelog
--- gst-plugins-base0.10-0.10.36/debian/changelog	2017-03-23 18:59:04.000000000 +0000
+++ gst-plugins-base0.10-0.10.36/debian/changelog	2019-04-26 13:44:19.000000000 +0000
@@ -1,3 +1,12 @@
+gst-plugins-base0.10 (0.10.36-2ubuntu0.2) xenial-security; urgency=medium
+
+  * SECURITY UPDATE: heap overflow in RTSP parser
+    - debian/patches/CVE-2019-9928.patch: limit length in
+      gst-libs/gst/rtsp/gstrtspconnection.c.
+    - CVE-2019-9928
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 26 Apr 2019 09:43:52 -0400
+
 gst-plugins-base0.10 (0.10.36-2ubuntu0.1) xenial-security; urgency=medium
 
   * SECURITY UPDATE: DoS in windows_icon_typefind
diff -Nru gst-plugins-base0.10-0.10.36/debian/patches/CVE-2019-9928.patch gst-plugins-base0.10-0.10.36/debian/patches/CVE-2019-9928.patch
--- gst-plugins-base0.10-0.10.36/debian/patches/CVE-2019-9928.patch	1970-01-01 00:00:00.000000000 +0000
+++ gst-plugins-base0.10-0.10.36/debian/patches/CVE-2019-9928.patch	2019-04-26 13:43:49.000000000 +0000
@@ -0,0 +1,26 @@
+From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001
+From: Tobias Ronge <tobiasr@axis.com>
+Date: Thu, 14 Mar 2019 10:12:27 +0100
+Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow
+
+The former code allowed an attacker to create a heap overflow by
+sending a longer than allowed session id in a response and including a
+semicolon to change the maximum length. With this change, the parser
+will never go beyond 512 bytes.
+---
+ gst-libs/gst/rtsp/gstrtspconnection.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: gst-plugins-base0.10-0.10.36/gst-libs/gst/rtsp/gstrtspconnection.c
+===================================================================
+--- gst-plugins-base0.10-0.10.36.orig/gst-libs/gst/rtsp/gstrtspconnection.c	2019-04-26 09:43:47.332610657 -0400
++++ gst-plugins-base0.10-0.10.36/gst-libs/gst/rtsp/gstrtspconnection.c	2019-04-26 09:43:47.332610657 -0400
+@@ -2007,7 +2007,7 @@ build_next (GstRTSPBuilder * builder, Gs
+           maxlen = sizeof (conn->session_id) - 1;
+           /* the sessionid can have attributes marked with ;
+            * Make sure we strip them */
+-          for (i = 0; session_id[i] != '\0'; i++) {
++          for (i = 0; i < maxlen && session_id[i] != '\0'; i++) {
+             if (session_id[i] == ';') {
+               maxlen = i;
+               /* parse timeout */
diff -Nru gst-plugins-base0.10-0.10.36/debian/patches/series gst-plugins-base0.10-0.10.36/debian/patches/series
--- gst-plugins-base0.10-0.10.36/debian/patches/series	2017-03-23 18:58:37.000000000 +0000
+++ gst-plugins-base0.10-0.10.36/debian/patches/series	2019-04-26 13:43:45.000000000 +0000
@@ -6,3 +6,4 @@
 CVE-2017-5837.patch
 CVE-2017-5844.patch
 docs_ftbfs.patch
+CVE-2019-9928.patch