diff -Nru python-bottle-0.12.15/debian/changelog python-bottle-0.12.15/debian/changelog
--- python-bottle-0.12.15/debian/changelog 2021-10-05 17:17:52.000000000 +0000
+++ python-bottle-0.12.15/debian/changelog 2022-07-25 12:10:00.000000000 +0000
@@ -1,3 +1,12 @@
+python-bottle (0.12.15-2.1ubuntu0.2) focal-security; urgency=medium
+
+ * SECURITY UPDATE: fix information disclosure vulnerability
+ - debian/patches/CVE-2022-31799.patch: fix error mishandling during early
+ request binding in bottle.py
+ - CVE-2022-31799
+
+ -- Nishit Majithia Mon, 25 Jul 2022 17:40:00 +0530
+
 python-bottle (0.12.15-2.1ubuntu0.1) focal-security; urgency=medium
 
 * SECURITY UPDATE: Web cache poisoning
diff -Nru python-bottle-0.12.15/debian/patches/CVE-2022-31799.patch python-bottle-0.12.15/debian/patches/CVE-2022-31799.patch
--- python-bottle-0.12.15/debian/patches/CVE-2022-31799.patch 1970-01-01 00:00:00.000000000 +0000
+++ python-bottle-0.12.15/debian/patches/CVE-2022-31799.patch 2022-07-25 12:09:41.000000000 +0000
@@ -0,0 +1,35 @@
+Description: Fix for CVE-2022-31799
+Author: Nishit Majithia
+Origin: upstream, https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
+---
+Index: python-bottle-0.12.15/bottle.py
+===================================================================
+--- python-bottle-0.12.15.orig/bottle.py
++++ python-bottle-0.12.15/bottle.py
+@@ -842,17 +842,19 @@ class Bottle(object):
+ return tob(template(ERROR_PAGE_TEMPLATE, e=res))
+ 
+ def _handle(self, environ):
+- path = environ['bottle.raw_path'] = environ['PATH_INFO']
+- if py3k:
+- try:
+- environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
+- except UnicodeError:
+- return HTTPError(400, 'Invalid path string. Expected UTF-8')
+-
+ try:
++
+ environ['bottle.app'] = self
+ request.bind(environ)
+ response.bind()
++
++ path = environ['bottle.raw_path'] = environ['PATH_INFO']
++ if py3k:
++ try:
++ environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
++ except UnicodeError:
++ return HTTPError(400, 'Invalid path string. Expected UTF-8')
++
+ try:
+ self.trigger_hook('before_request')
+ route, args = self.router.match(environ)
diff -Nru python-bottle-0.12.15/debian/patches/series python-bottle-0.12.15/debian/patches/series
--- python-bottle-0.12.15/debian/patches/series 2021-10-05 17:15:28.000000000 +0000
+++ python-bottle-0.12.15/debian/patches/series 2022-07-25 12:09:32.000000000 +0000
@@ -1,3 +1,4 @@
 0001-Remove-bottle.py-from-scripts.patch
 0002-Add-CLI-manpage.patch
 CVE-2020-28473.patch
+CVE-2022-31799.patch
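Review bot: The reordering inside `_handle` is the whole fix — `request.bind(environ)` and `response.bind()` now run before the `PATH_INFO` decode can `return HTTPError(400, ...)` — but nothing in the new code records why the order matters, so a later tidy-up could move the decode back above the `try:` and silently reopen the issue. I would add a comment above the moved block: `# Bind request/response before any early return: the 400 below is rendered while the module-level request/response objects are live, and returning before bind() would leave them holding the previous request's state (CVE-2022-31799).` (that the error page is rendered against those objects is inferred from the bind-before-return ordering and the changelog wording, so confirm against the rendering path). The DEP-3 header could also carry `Bug:` and `Last-Update:` fields so the advisory is traceable from the patch file itself, and since the Debian patch ships only the bottle.py hunk, a regression test that sends an invalid-UTF-8 path after a normal request and asserts the 400 response carries no headers or cookies from that earlier request would pin the ordering. `_handle` continues past the end of the hunk.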