diff -Nru blueman-2.0.5/debian/changelog blueman-2.0.5/debian/changelog
--- blueman-2.0.5/debian/changelog 2017-11-10 10:13:52.000000000 +0000
+++ blueman-2.0.5/debian/changelog 2020-10-16 13:10:30.000000000 +0000
@@ -1,3 +1,12 @@
+blueman (2.0.5-1ubuntu1.1) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: privilege escalation on DhcpClient
+ - debian/patches/CVE-2020-15238.patch: pass object path instead of network
+ interface name to DhcpClient
+ - CVE-2020-15238
+
+ -- Emilia Torino Fri, 16 Oct 2020 10:10:30 -0300
+
 blueman (2.0.5-1ubuntu1) bionic; urgency=medium
 * Merge with Debian; remaining changes:
diff -Nru blueman-2.0.5/debian/patches/CVE-2020-15238.patch blueman-2.0.5/debian/patches/CVE-2020-15238.patch
--- blueman-2.0.5/debian/patches/CVE-2020-15238.patch 1970-01-01 00:00:00.000000000 +0000
+++ blueman-2.0.5/debian/patches/CVE-2020-15238.patch 2020-10-16 13:09:48.000000000 +0000
@@ -0,0 +1,90 @@
+From 7a1129f3825b0130bda4d0d0aaea0fd0379ec4a8 Mon Sep 17 00:00:00 2001
+From: Christopher Schramm
+Date: Sat, 26 Sep 2020 23:10:29 +0200
+Subject: [PATCH] Pass object path instead of network interface name to
+ DhcpClient
+
+---
+ blueman/plugins/applet/DhcpClient.py | 12 +++++++-----
+ blueman/plugins/manager/Services.py | 2 +-
+ blueman/plugins/mechanism/Network.py | 5 +++--
+ 3 files changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/blueman/plugins/applet/DhcpClient.py b/blueman/plugins/applet/DhcpClient.py
+index c91e9c59..f28a4420 100644
+--- a/blueman/plugins/applet/DhcpClient.py
++++ b/blueman/plugins/applet/DhcpClient.py
+@@ -28,15 +28,17 @@ class DhcpClient(AppletPlugin):
+ self.Signals.DisconnectAll()
+
+ @dbus.service.method('org.blueman.Applet', in_signature="s")
+- def DhcpClient(self, interface):
+- self.dhcp_acquire(interface)
++ def DhcpClient(self, object_path):
++ self.dhcp_acquire(object_path)
+
+ def on_network_prop_changed(self, key, value, path):
+ if key == "Interface":
+ if value != "":
+- self.dhcp_acquire(value)
++ self.dhcp_acquire(path)
++
++ def dhcp_acquire(self, object_path):
++ device = Network(obj_path=object_path).get_properties()["Interface"]
+
+- def dhcp_acquire(self, device):
+ if device not in self.quering:
+ self.quering.append(device)
+ else:
+@@ -64,4 +66,4 @@ class DhcpClient(AppletPlugin):
+ status_icon=self.Applet.Plugins.StatusIcon)
+
+ m = Mechanism()
+- m.DhcpClient(device, reply_handler=reply, error_handler=err, timeout=120)
++ m.DhcpClient(object_path, reply_handler=reply, error_handler=err, timeout=120)
+diff --git a/blueman/plugins/manager/Services.py b/blueman/plugins/manager/Services.py
+index abb4fbdd..e6660282 100644
+--- a/blueman/plugins/manager/Services.py
++++ b/blueman/plugins/manager/Services.py
+@@ -79,7 +79,7 @@ class Services(ManagerPlugin):
+ if service.group == 'network' and service.connected:
+ if "DhcpClient" in appl.QueryPlugins():
+ def renew(x):
+- appl.DhcpClient(Network(device.get_object_path()).get_properties()["Interface"])
++ appl.DhcpClient(device.get_object_path())
+
+ item = create_menuitem(_("Renew IP Address"), get_icon("view-refresh", 16))
+ manager_menu.Signals.Handle("gobject", item, "activate", renew)
+diff --git a/blueman/plugins/mechanism/Network.py b/blueman/plugins/mechanism/Network.py
+index 317a3f6d..572f83cf 100644
+--- a/blueman/plugins/mechanism/Network.py
++++ b/blueman/plugins/mechanism/Network.py
+@@ -4,6 +4,7 @@ from __future__ import absolute_import
+ from __future__ import unicode_literals
+
+ import dbus.service
++from blueman.bluez.Network import Network as BluezNetwork
+ from blueman.plugins.MechanismPlugin import MechanismPlugin
+ import os
+ import subprocess
+@@ -16,7 +17,7 @@ DHCPDHANDLERS = {"DnsMasqHandler": DnsMasqHandler,
+ class Network(MechanismPlugin):
+ @dbus.service.method('org.blueman.Mechanism', in_signature="s", out_signature="s", sender_keyword="caller",
+ async_callbacks=("ok", "err"))
+- def DhcpClient(self, net_interface, caller, ok, err):
++ def DhcpClient(self, object_path, caller, ok, err):
+ self.timer.stop()
+
+ self.confirm_authorization(caller, "org.blueman.dhcp.client")
+@@ -31,7 +32,7 @@ class Network(MechanismPlugin):
+ ok(ip)
+ self.timer.resume()
+
+- dh = DhcpClient(net_interface)
++ dh = DhcpClient(BluezNetwork(obj_path=object_path).get_properties()["Interface"])
+ dh.connect("error-occurred", dh_error, ok, err)
+ dh.connect("connected", dh_connected, ok, err)
+ try:
+--
+2.28.0
+
diff -Nru blueman-2.0.5/debian/patches/series blueman-2.0.5/debian/patches/series
--- blueman-2.0.5/debian/patches/series 2017-11-10 10:13:52.000000000 +0000
+++ blueman-2.0.5/debian/patches/series 2020-10-16 13:09:48.000000000 +0000
@@ -1,2 +1,3 @@
 01_dont_autostart_lxde.patch
 02_lp1533206.patch
+CVE-2020-15238.patch
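Review bot: In `blueman/plugins/mechanism/Network.py` the new lookup `BluezNetwork(obj_path=object_path).get_properties()["Interface"]` has no failure path, and it sits after `self.timer.stop()` and before the `try:` that follows the `dh.connect` calls. The method still declares `in_signature="s"`, so an arbitrary string from the caller reaches the proxy constructor; if that string is not a usable object path or the object reports no `Interface`, the call presumably raises without `err` being invoked, and the only `self.timer.resume()` visible here is in the success callback (the rest of the method is outside the hunk). Resolve the name in its own guarded step, reject a missing or empty value, and on failure report through `err` and call `self.timer.resume()` before returning. The same unguarded indexing is added to `dhcp_acquire` in `blueman/plugins/applet/DhcpClient.py`, where `on_network_prop_changed` checks `value != ""` but the name is then re-read via `path`. A comment above the lookup such as `# interface name must come from BlueZ, never from the D-Bus caller (CVE-2020-15238)` would document why the parameter is an object path.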