diff -Nru mercurial-3.7.3/debian/changelog mercurial-3.7.3/debian/changelog
--- mercurial-3.7.3/debian/changelog 2018-11-21 14:52:08.000000000 +0000
+++ mercurial-3.7.3/debian/changelog 2018-11-27 13:56:53.000000000 +0000
@@ -1,3 +1,11 @@
+mercurial (3.7.3-1ubuntu1.2) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: Refresh CVE-2018-13347-extras.patch as it was
+ missing part of the fix. Also updated CVE-2018-13346.patch and
+ CVE-2018-13348.patch to correctly reflect the correct lines.
+
+ -- Eduardo Barretto Tue, 27 Nov 2018 11:54:57 -0200
+
 mercurial (3.7.3-1ubuntu1.1) xenial-security; urgency=medium
 * SECURITY UPDATE: The convert extension might allow attackers to
diff -Nru mercurial-3.7.3/debian/patches/CVE-2018-13346.patch mercurial-3.7.3/debian/patches/CVE-2018-13346.patch
--- mercurial-3.7.3/debian/patches/CVE-2018-13346.patch 2018-11-13 14:26:12.000000000 +0000
+++ mercurial-3.7.3/debian/patches/CVE-2018-13346.patch 2018-11-27 13:54:29.000000000 +0000
@@ -12,7 +12,7 @@
 --- a/mercurial/mpatch.c
 +++ b/mercurial/mpatch.c
-@@ -349,7 +349,8 @@ static int apply(char *buf, const char *orig, Py_ssize_t len, struct flist *l)
+@@ -360,7 +360,8 @@ static int apply(char *buf, const char *orig, Py_ssize_t len, struct flist *l)
 char *p = buf;
 while (f != l->tail) {
diff -Nru mercurial-3.7.3/debian/patches/CVE-2018-13347-extras.patch mercurial-3.7.3/debian/patches/CVE-2018-13347-extras.patch
--- mercurial-3.7.3/debian/patches/CVE-2018-13347-extras.patch 2018-11-13 18:50:05.000000000 +0000
+++ mercurial-3.7.3/debian/patches/CVE-2018-13347-extras.patch 2018-11-27 13:53:25.000000000 +0000
@@ -160,7 +160,7 @@
 if (s->end < c)
 c = s->end;
 l = cut - offset - s->start;
-@@ -128,16 +186,29 @@ static int discard(struct flist *src, int cut, int offset)
+@@ -128,16 +186,40 @@ static int discard(struct flist *src, int cut, int offset)
 int postend, c, l;
 while (s != src->tail) {
@@ -181,7 +181,19 @@
 + break;
 + }
 if (postend <= cut) {
- offset += s->start + s->len - s->end;
+- offset += s->start + s->len - s->end;
++ /* do the subtraction first to avoid UB integer overflow
++ */
++ int tmp = s->start;
++ if (!safesub(s->end, &tmp)) {
++ break;
++ }
++ if (!safeadd(s->len, &tmp)) {
++ break;
++ }
++ if (!safeadd(tmp, &offset)) {
++ break;
++ }
 s++;
 }
 else {
@@ -193,7 +205,7 @@
 if (s->end < c)
 c = s->end;
 l = cut - offset - s->start;
-@@ -179,8 +250,18 @@ static struct flist *combine(struct flist *a, struct flist *b)
+@@ -179,8 +261,18 @@ static struct flist *combine(struct flist *a, struct flist *b)
 /* insert new hunk */
 ct = c->tail;
diff -Nru mercurial-3.7.3/debian/patches/CVE-2018-13348.patch mercurial-3.7.3/debian/patches/CVE-2018-13348.patch
--- mercurial-3.7.3/debian/patches/CVE-2018-13348.patch 2018-11-13 14:35:54.000000000 +0000
+++ mercurial-3.7.3/debian/patches/CVE-2018-13348.patch 2018-11-27 13:54:46.000000000 +0000
@@ -15,7 +15,7 @@
 --- a/mercurial/mpatch.c
 +++ b/mercurial/mpatch.c
-@@ -292,7 +292,9 @@ static struct flist *decode(const char *bin, Py_ssize_t len)
+@@ -303,7 +303,9 @@ static struct flist *decode(const char *bin, Py_ssize_t len)
 lt = l->tail;
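Review bot: The three overflow guards added in the `postend <= cut` branch of the `@@ -181,7 +181,19 @@` hunk all leave the loop with a bare `break`, so as far as the hunk shows, an overflowing fragment ends discard() the same way an ordinary stop does and nothing marks the result as suspect. discard() starts and ends outside the hunk, so whether its return path reports the condition cannot be confirmed here; a comment on the first guard such as `/* overflow: leave the loop without advancing s */` would at least record the intent. The else branch, visible as context at the top of the following hunk, still computes `l = cut - offset - s->start;` with plain signed arithmetic, which looks like the same undefined-behaviour class the helpers were introduced to remove. Assuming safesub(a, &b) subtracts a from b, as its use on `tmp` suggests, that line could become `l = cut; if (!safesub(offset, &l) || !safesub(s->start, &l)) break;`.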