diff -Nru packagekit-1.1.9/debian/changelog packagekit-1.1.9/debian/changelog
--- packagekit-1.1.9/debian/changelog 2019-03-04 15:42:18.000000000 +0000
+++ packagekit-1.1.9/debian/changelog 2020-09-23 11:01:04.000000000 +0000
@@ -1,3 +1,16 @@
+packagekit (1.1.9-1ubuntu2.18.04.6) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: information disclosure (LP: #1888887)
+ - debian/patches/CVE-2020-16121.patch: hide failures behind a single
+ error message in src/pk-transaction.c.
+ - CVE-2020-16121
+ * SECURITY UPDATE: untrusted local file installation (LP: #1882098)
+ - debian/patches/CVE-2020-16122.patch: do not trust local packages in
+ backends/aptcc/apt-intf.cpp.
+ - CVE-2020-16122
+
+ -- Marc Deslauriers Wed, 23 Sep 2020 07:01:04 -0400
+
 packagekit (1.1.9-1ubuntu2.18.04.5) bionic; urgency=medium
 
 * 03_aptcc-use-correct-return-type-in-function.patch: Cherry pick upstream
diff -Nru packagekit-1.1.9/debian/patches/CVE-2020-16121.patch packagekit-1.1.9/debian/patches/CVE-2020-16121.patch
--- packagekit-1.1.9/debian/patches/CVE-2020-16121.patch 1970-01-01 00:00:00.000000000 +0000
+++ packagekit-1.1.9/debian/patches/CVE-2020-16121.patch 2020-09-23 11:00:55.000000000 +0000
@@ -0,0 +1,135 @@
+From e916b584d8d0f3feb835fe3793f01271a301240d Mon Sep 17 00:00:00 2001
+From: Julian Andres Klode
+Date: Tue, 22 Sep 2020 14:12:12 +0200
+Subject: [PATCH 2/2] Information disclosure in InstallFiles, GetFilesLocal and
+ GetDetailsLocal
+
+These functions revealed existence and content type of files, which
+allows a non-root user to check existence and content type of any
+file on the system, regardless of permission, as the checks are
+performed as root.
+
+A correct fix would move those checks into the client, and pass an
+fd to the daemon. Here we just hide which failure it is, which we
+would need to do anyway, but don't provide an improved version as
+that's out of scope for a security issue and requires changes the
+reverse dependencies using those functions.
+
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1888887
+---
+ src/pk-transaction.c | 48 ++++++++++++++++----------------------------
+ 1 file changed, 17 insertions(+), 31 deletions(-)
+
+--- a/src/pk-transaction.c
++++ b/src/pk-transaction.c
+@@ -3226,7 +3226,7 @@ pk_transaction_get_details_local (PkTran
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+- "No such file %s", full_paths[i]);
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3237,9 +3237,8 @@ pk_transaction_get_details_local (PkTran
+ if (content_type == NULL) {
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "Failed to get content type for file %s",
+- full_paths[i]);
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3249,9 +3248,8 @@ pk_transaction_get_details_local (PkTran
+ if (!ret) {
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "MIME type '%s' not supported %s",
+- content_type, full_paths[i]);
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3330,7 +3328,7 @@ pk_transaction_get_files_local (PkTransa
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+- "No such file %s", full_paths[i]);
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3341,9 +3339,8 @@ pk_transaction_get_files_local (PkTransa
+ if (content_type == NULL) {
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "Failed to get content type for file %s",
+- full_paths[i]);
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3353,9 +3350,8 @@ pk_transaction_get_files_local (PkTransa
+ if (!ret) {
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "MIME type '%s' not supported %s",
+- content_type, full_paths[i]);
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3891,7 +3887,7 @@ pk_transaction_install_files (PkTransact
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+- "No such file %s", full_paths[i]);
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3901,9 +3897,8 @@ pk_transaction_install_files (PkTransact
+ if (content_type == NULL) {
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_NOT_SUPPORTED,
+- "Failed to get content type for file %s",
+- full_paths[i]);
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3911,19 +3906,10 @@ pk_transaction_install_files (PkTransact
+ /* supported content type? */
+ ret = pk_transaction_is_supported_content_type (transaction, content_type);
+ if (!ret) {
+- if (g_strcmp0 ("application/x-app-package", content_type) == 0 ||
+- g_str_has_suffix (full_paths[i], ".ipk") == TRUE) {
+- g_set_error (&error,
+- PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "Listaller is required to install %s", full_paths[i]);
+- } else {
+- g_set_error (&error,
+- PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "MIME type '%s' not supported %s",
+- content_type, full_paths[i]);
+- }
++ g_set_error (&error,
++ PK_TRANSACTION_ERROR,
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
diff -Nru packagekit-1.1.9/debian/patches/CVE-2020-16122.patch packagekit-1.1.9/debian/patches/CVE-2020-16122.patch
--- packagekit-1.1.9/debian/patches/CVE-2020-16122.patch 1970-01-01 00:00:00.000000000 +0000
+++ packagekit-1.1.9/debian/patches/CVE-2020-16122.patch 2020-09-23 11:01:01.000000000 +0000
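Review bot: The fix depends on all nine `g_set_error` calls (three each in pk_transaction_get_details_local, pk_transaction_get_files_local and pk_transaction_install_files) carrying the same error code and the same text, yet the message is typed out as a separate literal every time, so a later edit to one copy would let a caller tell the failure cases apart again. Define it once, e.g. `#define PK_TRANSACTION_LOCAL_FILE_ERROR "No such file %s, or unknown or unsupported content type"`, and pass that in every call. A comment at each site such as `/* same code and text for every failure so the caller cannot tell which check failed (CVE-2020-16121) */` would keep a future cleanup from restoring PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED. All three function bodies start and end outside the hunks shown.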
@@ -0,0 +1,33 @@
+From 944eaed77f7178ad895894413c528fd812df454f Mon Sep 17 00:00:00 2001
+From: Julian Andres Klode
+Date: Tue, 22 Sep 2020 13:50:32 +0200
+Subject: [PATCH 1/2] aptcc: Do not trust local debs, allows root privileges
+ for package-install
+
+Debs do not have signatures on their own, so they are always
+untrusted.
+
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1882098
+---
+ backends/aptcc/apt-intf.cpp | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/backends/aptcc/apt-intf.cpp
++++ b/backends/aptcc/apt-intf.cpp
+@@ -125,6 +125,16 @@ bool AptIntf::init(gchar **localDebs)
+ // Create the AptCacheFile class to search for packages
+ m_cache = new AptCacheFile(m_job);
+ if (localDebs) {
++ PkBitfield flags = pk_backend_job_get_transaction_flags(m_job);
++ if (pk_bitfield_contain(flags, PK_TRANSACTION_FLAG_ENUM_ONLY_TRUSTED)) {
++ // We are NOT simulating and have untrusted packages
++ // fail the transaction.
++ pk_backend_job_error_code(m_job,
++ PK_ERROR_ENUM_CANNOT_INSTALL_REPO_UNSIGNED,
++ "Local packages cannot be authenticated.");
++ return false;
++ }
++
+ for (int i = 0; i < g_strv_length(localDebs); ++i) {
+ markFileForInstall(localDebs[i]);
+ }
diff -Nru packagekit-1.1.9/debian/patches/ubuntu.series packagekit-1.1.9/debian/patches/ubuntu.series
--- packagekit-1.1.9/debian/patches/ubuntu.series 2019-03-04 15:41:25.000000000 +0000
+++ packagekit-1.1.9/debian/patches/ubuntu.series 2020-09-23 11:00:58.000000000 +0000
@@ -10,3 +10,5 @@
 aptcc-Fix-invalid-version-dereference-in-AptInf-prov.patch
 aptcc-removing-duplicate-delete-call.patch
 03_aptcc-use-correct-return-type-in-function.patch
+CVE-2020-16121.patch
+CVE-2020-16122.patch
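Review bot: The comment in the block added to AptIntf::init (CVE-2020-16122.patch) says `We are NOT simulating`, but the condition tests only PK_TRANSACTION_FLAG_ENUM_ONLY_TRUSTED and nothing visible checks a simulate flag, so the comment does not describe the code. If rejecting every only-trusted transaction that carries local files is intended, reword it to `// Local .debs carry no signature of their own: refuse them whenever only-trusted is requested, before any file is marked for install.`; if simulated runs are meant to pass, that check is missing. init() begins and ends outside the hunk, so how callers handle the `return false` that follows the m_cache allocation cannot be confirmed from here.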