diff -Nru openssl1.0-1.0.2n/debian/changelog openssl1.0-1.0.2n/debian/changelog
--- openssl1.0-1.0.2n/debian/changelog 2018-12-04 15:58:01.000000000 +0000
+++ openssl1.0-1.0.2n/debian/changelog 2019-02-26 19:46:16.000000000 +0000
@@ -1,3 +1,14 @@
+openssl1.0 (1.0.2n-1ubuntu5.3) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: 0-byte record padding oracle
+ - debian/patches/CVE-2019-1559.patch: go into the error state if a
+ fatal alert is sent or received in ssl/d1_pkt.c, ssl/s3_pkt.c.
+ - CVE-2019-1559
+ * debian/patches/s390x-fix-aes-gcm-tls.patch: fix typo in backported
+ s390x hw acceleration patch. (LP: #1775018)
+
+ -- Marc Deslauriers Tue, 26 Feb 2019 14:46:16 -0500
+
 openssl1.0 (1.0.2n-1ubuntu5.2) bionic-security; urgency=medium
 
 * SECURITY UPDATE: PortSmash side channel attack
diff -Nru openssl1.0-1.0.2n/debian/patches/CVE-2019-1559.patch openssl1.0-1.0.2n/debian/patches/CVE-2019-1559.patch
--- openssl1.0-1.0.2n/debian/patches/CVE-2019-1559.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl1.0-1.0.2n/debian/patches/CVE-2019-1559.patch 2019-02-26 19:46:12.000000000 +0000
@@ -0,0 +1,57 @@
+From e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Fri, 14 Dec 2018 07:28:30 +0000
+Subject: [PATCH] Go into the error state if a fatal alert is sent or received
+
+If an application calls SSL_shutdown after a fatal alert has occured and
+then behaves different based on error codes from that function then the
+application may be vulnerable to a padding oracle.
+
+CVE-2019-1559
+
+Reviewed-by: Richard Levitte
+---
+ ssl/d1_pkt.c | 1 +
+ ssl/s3_pkt.c | 10 +++++++---
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+Index: openssl1.0-1.0.2n/ssl/d1_pkt.c
+===================================================================
+--- openssl1.0-1.0.2n.orig/ssl/d1_pkt.c 2019-02-26 14:45:01.541499883 -0500
++++ openssl1.0-1.0.2n/ssl/d1_pkt.c 2019-02-26 14:45:01.533499857 -0500
+@@ -1290,6 +1290,7 @@ int dtls1_read_bytes(SSL *s, int type, u
+ ERR_add_error_data(2, "SSL alert number ", tmp);
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ SSL_CTX_remove_session(s->session_ctx, s->session);
++ s->state = SSL_ST_ERR;
+ return (0);
+ } else {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+Index: openssl1.0-1.0.2n/ssl/s3_pkt.c
+===================================================================
+--- openssl1.0-1.0.2n.orig/ssl/s3_pkt.c 2019-02-26 14:45:01.541499883 -0500
++++ openssl1.0-1.0.2n/ssl/s3_pkt.c 2019-02-26 14:45:01.533499857 -0500
+@@ -1502,6 +1502,7 @@ int ssl3_read_bytes(SSL *s, int type, un
+ ERR_add_error_data(2, "SSL alert number ", tmp);
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ SSL_CTX_remove_session(s->session_ctx, s->session);
++ s->state = SSL_ST_ERR;
+ return (0);
+ } else {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+@@ -1721,9 +1722,12 @@ int ssl3_send_alert(SSL *s, int level, i
+ * protocol_version alerts */
+ if (desc < 0)
+ return -1;
+- /* If a fatal one, remove from cache */
+- if ((level == 2) && (s->session != NULL))
+- SSL_CTX_remove_session(s->session_ctx, s->session);
++ /* If a fatal one, remove from cache and go into the error state */
++ if (level == SSL3_AL_FATAL) {
++ if (s->session != NULL)
++ SSL_CTX_remove_session(s->session_ctx, s->session);
++ s->state = SSL_ST_ERR;
++ }
+
+ s->s3->alert_dispatch = 1;
+ s->s3->send_alert[0] = level;
diff -Nru openssl1.0-1.0.2n/debian/patches/s390x-fix-aes-gcm-tls.patch openssl1.0-1.0.2n/debian/patches/s390x-fix-aes-gcm-tls.patch
--- openssl1.0-1.0.2n/debian/patches/s390x-fix-aes-gcm-tls.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl1.0-1.0.2n/debian/patches/s390x-fix-aes-gcm-tls.patch 2019-02-26 19:46:16.000000000 +0000
@@ -0,0 +1,18 @@
+Description: fix typo in backported s390x hw acceleration patch.
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1775018
+
+---
+ crypto/evp/e_aes.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/crypto/evp/e_aes.c
++++ b/crypto/evp/e_aes.c
+@@ -1362,7 +1362,7 @@ static int s390x_aes_gcm_tls_cipher(EVP_
+ const unsigned char *in, size_t len)
+ {
+ S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+- const unsigned char *buf = ctx->iv;
++ const unsigned char *buf = ctx->buf;
+ const int enc = ctx->encrypt;
+ int rv = -1;
+
diff -Nru openssl1.0-1.0.2n/debian/patches/series openssl1.0-1.0.2n/debian/patches/series
--- openssl1.0-1.0.2n/debian/patches/series 2018-12-04 15:57:52.000000000 +0000
+++ openssl1.0-1.0.2n/debian/patches/series 2019-02-26 19:46:16.000000000 +0000
@@ -31,3 +31,5 @@
 CVE-2018-0734-2.patch
 CVE-2018-0734-3.patch
 CVE-2018-5407.patch
+CVE-2019-1559.patch
+s390x-fix-aes-gcm-tls.patch
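Review bot: In debian/patches/CVE-2019-1559.patch the two receive-side additions of `s->state = SSL_ST_ERR;`, in dtls1_read_bytes (ssl/d1_pkt.c) and ssl3_read_bytes (ssl/s3_pkt.c), carry no comment, although the matching change in ssl3_send_alert does update its comment. A reader of those branches cannot tell that the assignment is the CVE-2019-1559 mitigation, so I would add above each one `/* Fatal alert received: enter the error state (CVE-2019-1559) */`. The diffstat shows d1_pkt.c gaining only the receive-side line, so DTLS is covered on the send side only if its fatal alerts go through ssl3_send_alert; presumably they do, but this should be confirmed against the 1.0.2n tree. The mitigation also depends on the calls an application makes afterwards, SSL_shutdown in particular, checking for SSL_ST_ERR, and none of that is visible in this patch. All three functions begin and end outside the quoted hunks.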
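Review bot: In debian/patches/s390x-fix-aes-gcm-tls.patch the header says only "fix typo" and does not name the field that was wrong or what the mistake broke, which is thin for a one-token change inside a TLS AES-GCM cipher routine. I would word it as `Description: s390x_aes_gcm_tls_cipher initialised buf from ctx->iv instead of ctx->buf; fix typo in backported s390x hw acceleration patch.` and add the observed effect if LP #1775018 records it. How `buf` is used is not visible because the body of s390x_aes_gcm_tls_cipher continues past the hunk, so the proposed wording is limited to what the changed line shows.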