diff -Nru wavpack-5.1.0/debian/changelog wavpack-5.1.0/debian/changelog
--- wavpack-5.1.0/debian/changelog	2018-04-30 18:53:18.000000000 +0000
+++ wavpack-5.1.0/debian/changelog	2018-12-06 11:47:38.000000000 +0000
@@ -1,3 +1,15 @@
+wavpack (5.1.0-2ubuntu1.2) bionic-security; urgency=medium
+
+  * SECURITY UPDATE: Denial of service
+    - debian/patches/CVE-2018-19840.patch: checking
+      if sample_rate is not zero in src/pack_utils.c.
+    - CVE-2018-19840
+  * SECURITY UPDATE: Denial of service
+    - debian/patches/CVE-2018-19841.patch: fix in
+      src/open_utils.c.
+
+ -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Thu, 06 Dec 2018 08:47:38 -0300
+
 wavpack (5.1.0-2ubuntu1.1) bionic-security; urgency=medium
 
   * SECURITY UPDATE: Writing to memory vulnerability in wav64 and riff
diff -Nru wavpack-5.1.0/debian/patches/CVE-2018-19840.patch wavpack-5.1.0/debian/patches/CVE-2018-19840.patch
--- wavpack-5.1.0/debian/patches/CVE-2018-19840.patch	1970-01-01 00:00:00.000000000 +0000
+++ wavpack-5.1.0/debian/patches/CVE-2018-19840.patch	2018-12-06 11:47:23.000000000 +0000
@@ -0,0 +1,20 @@
+From 070ef6f138956d9ea9612e69586152339dbefe51 Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Thu, 29 Nov 2018 21:00:42 -0800
+Subject: [PATCH] issue #53: error out on zero sample rate
+diff --git a/src/pack_utils.c b/src/pack_utils.c
+index 1918c18..ee3debf 100644
+--- a/src/pack_utils.c
++++ b/src/pack_utils.c
+@@ -195,6 +195,11 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
+     int num_chans = config->num_channels;
+     int i;
+ 
++    if (!config->sample_rate) {
++        strcpy (wpc->error_message, "sample rate cannot be zero!");
++        return FALSE;
++    }
++
+     wpc->stream_version = (config->flags & CONFIG_COMPATIBLE_WRITE) ? CUR_STREAM_VERS : MAX_STREAM_VERS;
+ 
+     if ((config->qmode & QMODE_DSD_AUDIO) && config->bytes_per_sample == 1 && config->bits_per_sample == 8) {
diff -Nru wavpack-5.1.0/debian/patches/CVE-2018-19841.patch wavpack-5.1.0/debian/patches/CVE-2018-19841.patch
--- wavpack-5.1.0/debian/patches/CVE-2018-19841.patch	1970-01-01 00:00:00.000000000 +0000
+++ wavpack-5.1.0/debian/patches/CVE-2018-19841.patch	2018-12-06 11:47:29.000000000 +0000
@@ -0,0 +1,25 @@
+From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Thu, 29 Nov 2018 21:53:51 -0800
+Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
+
+diff --git a/src/open_utils.c b/src/open_utils.c
+index fc9440c..ce0879c 100644
+--- a/src/open_utils.c
++++ b/src/open_utils.c
+@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
+ #endif
+ 
+             if (meta_bc == 4) {
+-                if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
++                if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
+                     return FALSE;
+             }
+             else {
+                 csum ^= csum >> 16;
+ 
+-                if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
++                if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
+                     return FALSE;
+             }
+ 
diff -Nru wavpack-5.1.0/debian/patches/series wavpack-5.1.0/debian/patches/series
--- wavpack-5.1.0/debian/patches/series	2018-04-30 18:52:58.000000000 +0000
+++ wavpack-5.1.0/debian/patches/series	2018-12-06 11:47:29.000000000 +0000
@@ -3,3 +3,5 @@
 CVE-2018-7254.patch
 CVE-2018-10536-and-10537.patch
 CVE-2018-10538-and-10539-and-10540.patch
+CVE-2018-19840.patch
+CVE-2018-19841.patch