diff -u opendmarc-1.3.2/debian/changelog opendmarc-1.3.2/debian/changelog
--- opendmarc-1.3.2/debian/changelog
+++ opendmarc-1.3.2/debian/changelog
@@ -1,3 +1,17 @@
+opendmarc (1.3.2-3ubuntu0.2) bionic-security; urgency=medium
+
+  * SECURITY UPDATE: false authentication results
+    - debian/patches/CVE-2020-12272.patch: check syntaxes of domain names
+      passed to opendmarc_policy_store_spf() and
+      opendmarc_policy_store_dkim().
+    - CVE-2020-12272
+  * SECURITY UPDATE: heap overflow
+    - debian/patches/CVE-2020-12460.patch: ensure NULL-termination of the
+      buffer is passed to opendmarc_xml() from opendmarc_xml_parse().
+    - CVE-2020-12460
+
+ -- Allen Huang <allen.huang@canonical.com>  Thu, 07 Sep 2023 14:33:58 +0100
+
 opendmarc (1.3.2-3ubuntu0.1) bionic-security; urgency=medium
 
   * Merge patches from Debian.
diff -u opendmarc-1.3.2/debian/patches/series opendmarc-1.3.2/debian/patches/series
--- opendmarc-1.3.2/debian/patches/series
+++ opendmarc-1.3.2/debian/patches/series
@@ -1,3 +1,5 @@
+CVE-2020-12460.patch
+CVE-2020-12272.patch
 fix-python-interpreter.diff
 ticket153.patch
 ticket168.patch
only in patch2:
unchanged:
--- opendmarc-1.3.2.orig/debian/patches/CVE-2020-12272.patch
+++ opendmarc-1.3.2/debian/patches/CVE-2020-12272.patch
@@ -0,0 +1,77 @@
+From f3a9a9d4edfaa05102292727d021683f58aa4b6e Mon Sep 17 00:00:00 2001
+From: "Murray S. Kucherawy" <msk@trusteddomain.org>
+Date: Wed, 17 Mar 2021 17:22:25 -0700
+Subject: [PATCH] Check syntax of domain names passed to
+ opendmarc_policy_store_{spf,dkim}.
+
+---
+ libopendmarc/opendmarc_policy.c | 33 +++++++++++++++++++++++++++++++++
+ 1 file changed, 33 insertions(+)
+
+Index: opendmarc-1.3.2/libopendmarc/opendmarc_policy.c
+===================================================================
+--- opendmarc-1.3.2.orig/libopendmarc/opendmarc_policy.c	2023-09-08 09:04:12.595964291 +0100
++++ opendmarc-1.3.2/libopendmarc/opendmarc_policy.c	2023-09-08 10:03:46.494341340 +0100
+@@ -4,6 +4,8 @@
+ **  Copyright (c) 2012-2016, The Trusted Domain Project.  All rights reserved.
+ **************************************************************************/
+ 
++#include <ctype.h>
++
+ #include "opendmarc_internal.h"
+ #include "dmarc.h"
+ 
+@@ -22,6 +24,33 @@
+ # include <opendmarc_strl.h>
+ #endif /* USE_DMARCSTRL_H */
+ 
++/*
++**  CHECK_DOMAIN -- check for syntactical validity of a domain name
++**
++**  Parameters:
++**  	domain -- domain name to check
++**
++**  Return value:
++**  	TRUE if the syntax was fine, FALSE otherwise.
++*/
++
++bool check_domain(u_char *domain)
++{
++	u_char *dp;
++
++	for (dp = domain; *dp != '\0'; dp++)
++	{
++		if (!(isalpha(*dp) ||
++		      isdigit(*dp) ||
++		      *dp == '.' ||
++		      *dp == '-' ||
++		      *dp == '_'))
++			return FALSE;
++	}
++
++	return TRUE;
++}
++
+ /**************************************************************************
+ ** OPENDMARC_POLICY_LIBRARY_INIT -- Initialize The Library
+ **	Parameters:
+@@ -383,6 +412,8 @@
+ 		return DMARC_PARSE_ERROR_NULL_CTX;
+ 	if (domain == NULL || strlen((char *)domain) == 0)
+ 		return DMARC_PARSE_ERROR_EMPTY;
++	if (!check_domain(domain))
++		return DMARC_PARSE_ERROR_BAD_VALUE;
+ 	dp = opendmarc_util_finddomain(domain, domain_buf, sizeof domain_buf);
+ 	if (dp == NULL)
+ 		return DMARC_PARSE_ERROR_NO_DOMAIN;
+@@ -450,6 +481,10 @@
+ 		return DMARC_PARSE_ERROR_NULL_CTX;
+ 	if (d_equal_domain == NULL || strlen((char *)d_equal_domain) == 0)
+ 		return DMARC_PARSE_ERROR_EMPTY;
++  if (pctx->from_domain == NULL)
++		return DMARC_FROM_DOMAIN_ABSENT;
++	if (!check_domain(d_equal_domain))
++		return DMARC_PARSE_ERROR_BAD_VALUE;
+ 
+ 	switch (dkim_result)
+ 	{
only in patch2:
unchanged:
--- opendmarc-1.3.2.orig/debian/patches/CVE-2020-12460.patch
+++ opendmarc-1.3.2/debian/patches/CVE-2020-12460.patch
@@ -0,0 +1,39 @@
+From 50d28af25d8735504b6103537228ce7f76ad765f Mon Sep 17 00:00:00 2001
+From: "Murray S. Kucherawy" <msk@blackops.org>
+Date: Wed, 5 Aug 2020 21:56:01 +0000
+Subject: [PATCH] In opendmarc_xml_parse(), ensure NULL-termination of the
+ buffer passed to opendmarc_xml().
+
+---
+ libopendmarc/opendmarc_xml.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/libopendmarc/opendmarc_xml.c
++++ b/libopendmarc/opendmarc_xml.c
+@@ -158,7 +158,7 @@
+ 			if (*cp != '<')
+ 				continue;
+ 			++cp;
+-			for(sp = cp; *sp != '\0'; ++sp)
++			for (sp = cp; *sp != '\0'; ++sp)
+ 			{
+ 				if (*sp == '?')
+ 					break;
+@@ -546,7 +546,7 @@
+ 	if (fname == NULL)
+ 	{
+ 		xerror = errno;
+-		(void) snprintf(err_buf, err_len, "%s: %s", fname, "File name was NULL");
++		(void) snprintf(err_buf, err_len, "%s", "File name was NULL");
+ 		errno = EINVAL;
+ 		return NULL;
+ 	}
+@@ -572,7 +572,7 @@
+ 		return NULL;
+ 	}
+ 
+-	bufp = calloc(statb.st_size, 1);
++	bufp = calloc(statb.st_size + 1, 1);
+ 	if (bufp == NULL)
+ 	{
+ 		xerror = errno;