diff -Nru mutt-1.9.4/debian/changelog mutt-1.9.4/debian/changelog
--- mutt-1.9.4/debian/changelog 2021-01-21 16:10:01.000000000 +0000
+++ mutt-1.9.4/debian/changelog 2022-04-19 14:32:51.000000000 +0000
@@ -1,3 +1,11 @@
+mutt (1.9.4-3ubuntu0.6) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: Buffer overflow
+ - debian/patches/CVE-2022-1328.patch: Fix uudecode in handler.c.
+ - CVE-2022-1328
+
+ -- Leonidas Da Silva Barbosa Tue, 19 Apr 2022 11:32:51 -0300
+
 mutt (1.9.4-3ubuntu0.5) bionic-security; urgency=medium

 * SECURITY UPDATE: Denial of service
diff -Nru mutt-1.9.4/debian/patches/CVE-2022-1328.patch mutt-1.9.4/debian/patches/CVE-2022-1328.patch
--- mutt-1.9.4/debian/patches/CVE-2022-1328.patch 1970-01-01 00:00:00.000000000 +0000
+++ mutt-1.9.4/debian/patches/CVE-2022-1328.patch 2022-04-19 14:32:45.000000000 +0000
@@ -0,0 +1,37 @@
+From e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy
+Date: Tue, 5 Apr 2022 11:05:52 -0700
+Subject: [PATCH] Fix uudecode buffer overflow.
+
+mutt_decode_uuencoded() used each line's initial "length character"
+without any validation. It would happily read past the end of the
+input line, and with a suitable value even past the length of the
+input buffer.
+
+As I noted in ticket 404, there are several other changes that could
+be added to make the parser more robust. However, to avoid
+accidentally introducing another bug or regression, I'm restricting
+this patch to simply addressing the overflow.
+
+Thanks to Tavis Ormandy for reporting the issue, along with a sample
+message demonstrating the problem.
+---
+ handler.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: mutt-1.9.4/handler.c
+===================================================================
+--- mutt-1.9.4.orig/handler.c
++++ mutt-1.9.4/handler.c
+@@ -403,9 +403,9 @@ static void mutt_decode_uuencoded (STATE
+ pt = tmps;
+ linelen = decode_byte (*pt);
+ pt++;
+- for (c = 0; c < linelen;)
++ for (c = 0; c < linelen && *pt;)
+ {
+- for (l = 2; l <= 6; l += 2)
++ for (l = 2; l <= 6 && *pt && *(pt + 1); l += 2)
+ {
+ out = decode_byte (*pt) << l;
+ pt++;
diff -Nru mutt-1.9.4/debian/patches/series mutt-1.9.4/debian/patches/series
--- mutt-1.9.4/debian/patches/series 2021-01-21 16:09:50.000000000 +0000
+++ mutt-1.9.4/debian/patches/series 2022-04-19 14:32:41.000000000 +0000
@@ -32,3 +32,4 @@
 CVE-2021-3181-1.patch
 CVE-2021-3181-2.patch
 CVE-2021-3181-3.patch
+CVE-2022-1328.patch
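Review bot: In the handler.c change carried by CVE-2022-1328.patch, the length character is still decoded and `pt` advanced (`linelen = decode_byte (*pt); pt++;`) before any terminator test, so if `tmps` is ever an empty string the first `*pt` check in the outer `for` inspects the byte after the NUL. Whether an empty `tmps` can reach this point depends on the read loop, which lies outside the hunk, as do the start and end of mutt_decode_uuencoded. Testing the terminator first would close that gap, e.g. `linelen = *pt ? decode_byte (*pt) : 0;` followed by `if (*pt) pt++;`. The new `*pt` and `*(pt + 1)` conditions are also the only bound on the read and rely on `tmps` being NUL-terminated, which deserves a comment such as `/* the length character is untrusted: stop at the line's NUL rather than trusting linelen */`.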