diff -Nru ruby2.5-2.5.1/debian/changelog ruby2.5-2.5.1/debian/changelog
--- ruby2.5-2.5.1/debian/changelog 2022-01-06 15:31:02.000000000 +0000
+++ ruby2.5-2.5.1/debian/changelog 2022-05-24 14:47:40.000000000 +0000
@@ -1,3 +1,12 @@
+ruby2.5 (2.5.1-1ubuntu1.12) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: Buffer over-read
+ - debian/patches/CVE-2022-28739.patch: fix dtoa buffer
+ overrun in missing/dtoa.c, test/ruby/test_float.rb.
+ - CVE-2022-28739
+
+ -- Leonidas Da Silva Barbosa Tue, 24 May 2022 11:47:40 -0300
+
 ruby2.5 (2.5.1-1ubuntu1.11) bionic-security; urgency=medium
 
 * SECURITY UPDATE: ReDoS vulnerability
diff -Nru ruby2.5-2.5.1/debian/patches/CVE-2022-28739_2.6.patch ruby2.5-2.5.1/debian/patches/CVE-2022-28739_2.6.patch
--- ruby2.5-2.5.1/debian/patches/CVE-2022-28739_2.6.patch 1970-01-01 00:00:00.000000000 +0000
+++ ruby2.5-2.5.1/debian/patches/CVE-2022-28739_2.6.patch 2022-05-24 14:47:31.000000000 +0000
@@ -0,0 +1,62 @@
+From 69f9992ed41920389d4185141a14f02f89a4d306 Mon Sep 17 00:00:00 2001
+From: usa
+Date: Tue, 12 Apr 2022 11:49:45 +0000
+Subject: [PATCH] Fix dtoa buffer overrun
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ test/ruby/test_float.rb | 18 ++++++++++++++++++
+ util.c | 3 ++-
+ version.h | 2 +-
+ 3 files changed, 21 insertions(+), 2 deletions(-)
+
+Index: ruby2.5-2.5.1/test/ruby/test_float.rb
+===================================================================
+--- ruby2.5-2.5.1.orig/test/ruby/test_float.rb
++++ ruby2.5-2.5.1/test/ruby/test_float.rb
+@@ -163,6 +163,24 @@ class TestFloat < Test::Unit::TestCase
+ assert_equal(-31.0*2**-1027, Float("-0x1f"+("0"*268)+".0p-2099"))
+ assert_equal(-31.0*2**-1027, Float("-0x1f"+("0"*600)+".0p-3427"))
+ end
++
++ x = nil
++ 2000.times do
++ x = Float("0x"+"0"*30)
++ break unless x == 0.0
++ end
++ assert_equal(0.0, x, ->{"%a" % x})
++ x = nil
++ 2000.times do
++ begin
++ x = Float("0x1."+"0"*270)
++ rescue ArgumentError => e
++ raise unless /"0x1\.0{270}"/ =~ e.message
++ else
++ break
++ end
++ end
++ assert_nil(x, ->{"%a" % x})
+ end
+ 
+ def test_divmod
+Index: ruby2.5-2.5.1/util.c
+===================================================================
+--- ruby2.5-2.5.1.orig/util.c
++++ ruby2.5-2.5.1/util.c
+@@ -2046,6 +2046,7 @@ break2:
+ if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
+ if (*s == '0') {
+ while (*++s == '0');
++ if (!*s) goto ret;
+ s1 = strchr(hexdigit, *s);
+ }
+ if (s1 != NULL) {
+@@ -2068,7 +2069,7 @@ break2:
+ for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
+ adj += aadj * ((s1 - hexdigit) & 15);
+ if ((aadj /= 16) == 0.0) {
+- while (strchr(hexdigit, *++s));
++ while (*++s && strchr(hexdigit, *s));
+ break;
+ }
+ }
diff -Nru ruby2.5-2.5.1/debian/patches/series ruby2.5-2.5.1/debian/patches/series
--- ruby2.5-2.5.1/debian/patches/series 2022-01-06 15:30:50.000000000 +0000
+++ ruby2.5-2.5.1/debian/patches/series
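Review bot: Neither guard added in the util.c section says why a bare `strchr(hexdigit, *s)` is unsafe, and the reason is easy to miss: strchr() treats the terminating NUL as part of the searched string, so when `*s` is `'\0'` it returns a non-NULL pointer and the hex-digit scan can continue past the end of the input. A short comment above `if (!*s) goto ret;` would keep the check from being simplified away later, for example `/* strchr() also matches the terminating NUL, so test *s before looking it up */`, and the same remark fits the rewritten `while (*++s && strchr(hexdigit, *s));`. Both inner hunks sit in a function whose start and end are outside the patch, so any other `strchr(hexdigit, ...)` lookup in it cannot be checked from here and is worth auditing for the same pattern. The added tests repeat each conversion 2000 times, which suggests the over-read only shows up depending on adjacent memory; running them under a memory-error checker would make a regression fail reliably.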
2022-05-24 14:27:38.000000000 +0000
@@ -40,3 +40,4 @@
 CVE-2021-41817-2.patch
 CVE-2021-41817-3.patch
 CVE-2021-41819.patch
+CVE-2022-28739_2.6.patch
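Review bot: The patch name registered here, `CVE-2022-28739_2.6.patch`, does not match the changelog entry in the same upload, which records `debian/patches/CVE-2022-28739.patch` and places the fix in `missing/dtoa.c`, whereas the patch file that is added modifies `util.c`. Anyone confirming that the CVE fix is applied by searching for the file name or path given in the changelog will not find it. The changelog line should read `- debian/patches/CVE-2022-28739_2.6.patch: fix dtoa buffer overrun in util.c, test/ruby/test_float.rb.`, or the patch should be renamed to match. The patch's own diffstat also still lists `version.h` and three changed files while only two file sections are present, presumably because that part was dropped during the backport.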