diff -Nru ruby1.9.1-1.9.3.484/debian/changelog ruby1.9.1-1.9.3.484/debian/changelog
--- ruby1.9.1-1.9.3.484/debian/changelog 2017-10-03 19:25:35.000000000 +0000
+++ ruby1.9.1-1.9.3.484/debian/changelog 2017-12-18 17:37:56.000000000 +0000
@@ -1,3 +1,12 @@
+ruby1.9.1 (1.9.3.484-2ubuntu1.6) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: command injection through Net::FTP
+ - debian/patches/CVE-2017-17405.patch: fix command injection
+ in lib/net/ftp.rb.
+ - CVE-2017-17405
+
+ -- Leonidas S. Barbosa Mon, 18 Dec 2017 14:36:12 -0300
+
 ruby1.9.1 (1.9.3.484-2ubuntu1.5) trusty-security; urgency=medium
 
 * SECURITY UPDATE: Buffer underrun vulneratiblity
diff -Nru ruby1.9.1-1.9.3.484/debian/patches/CVE-2017-17405.patch ruby1.9.1-1.9.3.484/debian/patches/CVE-2017-17405.patch
--- ruby1.9.1-1.9.3.484/debian/patches/CVE-2017-17405.patch 1970-01-01 00:00:00.000000000 +0000
+++ ruby1.9.1-1.9.3.484/debian/patches/CVE-2017-17405.patch 2017-12-18 17:36:00.000000000 +0000
@@ -0,0 +1,51 @@
+Backport of:
+
+From 6d3f72e5be2312be312f2acbf3465b05293c1431 Mon Sep 17 00:00:00 2001
+From: nagachika
+Date: Thu, 14 Dec 2017 13:41:30 +0000
+Subject: [PATCH] Fix a command injection vulnerability in Net::FTP.
+
+diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb
+index 149fc6a..94dcccd 100644
+--- a/lib/net/ftp.rb
++++ b/lib/net/ftp.rb
+@@ -563,10 +563,10 @@ module Net
+ if localfile
+ if @resume
+ rest_offset = File.size?(localfile)
+- f = open(localfile, "a")
++ f = File.open(localfile, "a")
+ else
+ rest_offset = nil
+- f = open(localfile, "w")
++ f = File.open(localfile, "w")
+ end
+ elsif !block_given?
+ result = ""
+@@ -594,7 +594,7 @@ module Net
+ def gettextfile(remotefile, localfile = File.basename(remotefile)) # :yield: line
+ result = nil
+ if localfile
+- f = open(localfile, "w")
++ f = File.open(localfile, "w")
+ elsif !block_given?
+ result = ""
+ end
+@@ -640,7 +640,7 @@ module Net
+ else
+ rest_offset = nil
+ end
+- f = open(localfile)
++ f = File.open(localfile)
+ begin
+ f.binmode
+ if rest_offset
+@@ -659,7 +659,7 @@ module Net
+ # passing in the transmitted data one line at a time.
+ #
+ def puttextfile(localfile, remotefile = File.basename(localfile), &block) # :yield: line
+- f = open(localfile)
++ f = File.open(localfile)
+ begin
+ storlines("STOR " + remotefile, f, &block)
+ ensure
diff -Nru ruby1.9.1-1.9.3.484/debian/patches/series ruby1.9.1-1.9.3.484/debian/patches/series
--- ruby1.9.1-1.9.3.484/debian/patches/series 2017-10-03 14:51:37.000000000 +0000
+++ ruby1.9.1-1.9.3.484/debian/patches/series 2017-12-18 17:36:00.000000000 +0000
@@ -28,3 +28,4 @@
 openssl-test-failure.patch
 CVE-2017-0898-10748-14033-14064.patch
 CVE-2017-0899-0900-0901.patch
+CVE-2017-17405.patch
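Review bot: The new debian/patches/CVE-2017-17405.patch touches only lib/net/ftp.rb and adds no regression test, so nothing in the package would catch a later patch refresh that turns one of the five `File.open` calls back into bare `open`. Kernel#open treats a name beginning with `|` as a command to run, and `localfile` defaults to `File.basename(remotefile)`, a value callers may take from a server listing. A test that calls getbinaryfile, gettextfile, putbinaryfile and puttextfile with a local name beginning with `|` and asserts that only a regular file is opened would pin the fix. A one-line why-comment at each call site would also help, for example `# File.open, not Kernel#open: localfile must never be interpreted as a command`. Only the embedded hunks are visible here and the method bodies continue outside them, so it is worth confirming that no other bare `open(` on a caller-supplied path remains in this 1.9.3 copy of ftp.rb.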