diff -Nru ruby2.0-2.0.0.484/debian/changelog ruby2.0-2.0.0.484/debian/changelog
--- ruby2.0-2.0.0.484/debian/changelog 2018-06-12 17:07:02.000000000 +0000
+++ ruby2.0-2.0.0.484/debian/changelog 2018-10-29 19:33:05.000000000 +0000
@@ -1,3 +1,16 @@
+ruby2.0 (2.0.0.484-1ubuntu2.11) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: Name equality check
+ - debian/patches/CVE-2018-16395.patch: fix in
+ ext/openssl/ossl_x509name.c.
+ - CVE-2018-16395
+ * SECURITY UPDATE: Tainted flags not propagted
+ - debian/patches/CVE-2018-16396.patch: fix in
+ pack.c, test/ruby/test_pack.rb.
+ - CVE-2018-16396
+
+ -- Leonidas S. Barbosa Mon, 29 Oct 2018 14:09:40 -0300
+
 ruby2.0 (2.0.0.484-1ubuntu2.10) trusty-security; urgency=medium
 
 * SECURITY UPDATE: DoS vulnerability in query command
diff -Nru ruby2.0-2.0.0.484/debian/patches/CVE-2018-16395.patch ruby2.0-2.0.0.484/debian/patches/CVE-2018-16395.patch
--- ruby2.0-2.0.0.484/debian/patches/CVE-2018-16395.patch 1970-01-01 00:00:00.000000000 +0000
+++ ruby2.0-2.0.0.484/debian/patches/CVE-2018-16395.patch 2018-10-29 17:08:21.000000000 +0000
@@ -0,0 +1,24 @@
+From f653cfa43f0f20e8c440122ea982382b6228e7f5 Mon Sep 17 00:00:00 2001
+From: Kazuki Yamaguchi
+Date: Fri, 27 Jul 2018 17:01:04 +0900
+Subject: [PATCH] x509name: fix OpenSSL::X509::Name#{cmp,<=>}
+
+Fix wrong use of X509_NAME_cmp() return value. OpenSSL::X509::Name#<=>
+could return 0 when the two objects aren't identical.
+
+Reported by Tyler Eckstein. CVE-2018-16395.
+
+Reference: https://hackerone.com/reports/387250
+diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
+index 4b39705..a266215 100644
+--- a/ext/openssl/ossl_x509name.c
++++ b/ext/openssl/ossl_x509name.c
+@@ -321,7 +321,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
+
+ result = ossl_x509name_cmp0(self, other);
+ if (result < 0) return INT2FIX(-1);
+- if (result > 1) return INT2FIX(1);
++ if (result > 0) return INT2FIX(1);
+
+ return INT2FIX(0);
+ }
diff -Nru ruby2.0-2.0.0.484/debian/patches/CVE-2018-16396.patch ruby2.0-2.0.0.484/debian/patches/CVE-2018-16396.patch
--- ruby2.0-2.0.0.484/debian/patches/CVE-2018-16396.patch 1970-01-01 00:00:00.000000000 +0000
+++ ruby2.0-2.0.0.484/debian/patches/CVE-2018-16396.patch 2018-10-29 19:09:30.000000000 +0000
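Review bot: The corrected sign test still folds X509_NAME_cmp()'s error return into the ordering: on OpenSSL releases where that function returns -2 when a name's canonical encoding cannot be produced, `if (result < 0) return INT2FIX(-1);` reports the failed comparison as "less than" instead of raising. If ossl_x509name_cmp0() passes the OpenSSL value through unchanged (its body is outside this hunk), a guard such as `if (result == -2) ossl_raise(eX509NameError, "X509_NAME_cmp");` ahead of the sign tests would keep a returned -1 meaningful, assuming eX509NameError is the error class this file already uses. The patch also ships without a regression test, unlike the CVE-2018-16396 patch in the same upload; a test asserting that `Name#<=>` returns 1 for a pair whose underlying compare yields exactly 1 would pin the repaired branch. ossl_x509name_cmp's signature and opening lines lie outside the hunk.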
@@ -0,0 +1,97 @@
+From a2958f6743664006d21fc0bafd4ca6214df1d429 Mon Sep 17 00:00:00 2001
+From: nagachika
+Date: Wed, 17 Oct 2018 15:06:18 +0000
+Subject: [PATCH] merge revision(s) 65125:
+
+ infect taint flag on Array#pack and String#unpack
+ with the directives "B", "b", "H" and "h".
+
+ * pack.c (pack_pack, pack_unpack_internal): infect taint flag.
+
+ * test/ruby/test_pack.rb: add test for above.
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@65128 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+diff --git a/pack.c b/pack.c
+index 0303d18..1c794b1 100644
+--- a/pack.c
++++ b/pack.c
+@@ -919,6 +919,7 @@ pack_pack(VALUE ary, VALUE fmt)
+ StringValue(from);
+ ptr = RSTRING_PTR(from);
+ plen = RSTRING_LEN(from);
++ OBJ_INFECT(res, from);
+
+ if (len == 0 && type == 'm') {
+ encodes(res, ptr, plen, type, 0);
+@@ -946,6 +947,7 @@ pack_pack(VALUE ary, VALUE fmt)
+
+ case 'M': /* quoted-printable encoded string */
+ from = rb_obj_as_string(NEXTFROM);
++ OBJ_INFECT(res, from);
+ if (len <= 1)
+ len = 72;
+ qpencode(res, from, len);
+@@ -971,6 +973,7 @@ pack_pack(VALUE ary, VALUE fmt)
+ }
+ else {
+ t = StringValuePtr(from);
++ OBJ_INFECT(res, from);
+ }
+ if (!associates) {
+ associates = rb_ary_new();
+@@ -1462,6 +1465,7 @@ pack_unpack(VALUE str, VALUE fmt)
+ len = (send - s) * 8;
+ bits = 0;
+ UNPACK_PUSH(bitstr = rb_usascii_str_new(0, len));
++ OBJ_INFECT(bitstr, str);
+ t = RSTRING_PTR(bitstr);
+ for (i=0; i>= 1;
+@@ -1482,6 +1486,7 @@ pack_unpack(VALUE str, VALUE fmt)
+ len = (send - s) * 8;
+ bits = 0;
+ UNPACK_PUSH(bitstr = rb_usascii_str_new(0, len));
++ OBJ_INFECT(bitstr, str);
+ t = RSTRING_PTR(bitstr);
+ for (i=0; i