diff -Nru bsdiff-4.3/debian/changelog bsdiff-4.3/debian/changelog
--- bsdiff-4.3/debian/changelog 2013-08-11 12:40:53.000000000 +0000
+++ bsdiff-4.3/debian/changelog 2020-09-14 20:01:10.000000000 +0000
@@ -1,3 +1,19 @@
+bsdiff (4.3-15+deb8u1build0.16.04.1) xenial-security; urgency=medium
+
+ * fake sync from Debian
+
+ -- Mike Salvatore Mon, 14 Sep 2020 16:01:10 -0400
+
+bsdiff (4.3-15+deb8u1) jessie-security; urgency=high
+
+ * Non-maintainer upload by the LTS Team.
+ * CVE-2014-9862
+ With a crafted patch file an integer signedness error in bspatch
+ could be used for a heap based buffer overflow and possibly
+ execution of arbitrary code.
+
+ -- Thorsten Alteholz Tue, 26 Nov 2019 19:03:02 +0100
+
 bsdiff (4.3-15) unstable; urgency=low
 
  * debian/control
diff -Nru bsdiff-4.3/debian/patches/CVE-2014-9862.patch bsdiff-4.3/debian/patches/CVE-2014-9862.patch
--- bsdiff-4.3/debian/patches/CVE-2014-9862.patch 1970-01-01 00:00:00.000000000 +0000
+++ bsdiff-4.3/debian/patches/CVE-2014-9862.patch 2019-11-26 18:03:02.000000000 +0000
@@ -0,0 +1,15 @@
+Index: bsdiff-4.3/bspatch.c
+===================================================================
+--- bsdiff-4.3.orig/bspatch.c 2005-08-17 00:14:00.000000000 +0200
++++ bsdiff-4.3/bspatch.c 2019-11-26 15:59:02.429494743 +0100
+@@ -152,6 +152,10 @@
+ };
+
+ /* Sanity-check */
++ if((ctrl[0]<0) || (ctrl[1]<0))
++ errx(1,"corrupt patch (diff): negative chunk size");
++
++ /* Sanity-check */
+ if(newpos+ctrl[0]>newsize)
+ errx(1,"Corrupt patch\n");
+
diff -Nru bsdiff-4.3/debian/patches/series bsdiff-4.3/debian/patches/series
--- bsdiff-4.3/debian/patches/series 2013-08-11 12:40:53.000000000 +0000
+++ bsdiff-4.3/debian/patches/series 2019-11-26 18:03:02.000000000 +0000
@@ -1 +1,2 @@
 10-no-bsd-make.patch
+CVE-2014-9862.patch
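Review bot: The sign check added in CVE-2014-9862.patch leaves the existing bound directly below it, `if(newpos+ctrl[0]>newsize)`, as a signed sum of a patch-supplied ctrl[0] and the accumulated newpos, which can still wrap for a very large ctrl[0] and let the bound pass; moving the arithmetic to the trusted side, `if(ctrl[0] > newsize-newpos)`, cannot overflow once the new check has established ctrl[0] >= 0, provided newpos is kept within newsize by the checks that follow (they are outside this hunk, as is the rest of the enclosing loop). ctrl[2] is still accepted without any check here; it is used to move oldpos in code outside the hunk, so whether the per-byte guard on old[] is enough against a wrapped oldpos is worth confirming rather than assuming. The two identical `/* Sanity-check */` comments would read better as one comment covering both tests, e.g. `/* Sanity-check: chunk lengths must be non-negative and fit in new[] */`.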