diff -Nru coturn-4.5.1.1/debian/changelog coturn-4.5.1.1/debian/changelog
--- coturn-4.5.1.1/debian/changelog 2019-10-19 19:55:17.000000000 +0000
+++ coturn-4.5.1.1/debian/changelog 2020-12-14 13:50:15.000000000 +0000
@@ -1,3 +1,27 @@
+coturn (4.5.1.1-1.1ubuntu0.20.04.2) focal-security; urgency=medium
+
+ * SECURITY UPDATE: Unsafe loopback interface
+ - debian/patches/CVE-2020-26262.patch: Add check if address is in
+ 0.0.0.0/8 or ::/128.
+ - CVE-2020-26262
+
+ -- Mészáros Mihály Mon, 14 Dec 2020 14:50:15 +0100
+
+coturn (4.5.1.1-1.1ubuntu0.20.04.1) focal-security; urgency=medium
+
+ * SECURITY UPDATE: Heap-buffer overflow in HTTP POST request
+ - debian/patches/CVE-2020-6061.patch: Fix overflow
+ - CVE-2020-6061
+ * SECURITY UPDATE: DoS when parsing certain HTTP POST request
+ - debian/patches/CVE-2020-6062.patch: Fix parsing of POST requests
+ - CVE-2020-6062
+ * SECURITY UPDATE: Information leak between different client connections
+ - debian/patches/CVE-2020-4067.patch: initialize with zero any new or
+ reused stun buffers
+ - CVE-2020-4067
+
+ -- Eduardo Barretto Thu, 02 Jul 2020 10:34:50 -0300
+
 coturn (4.5.1.1-1.1build2) focal; urgency=medium
 
 * No-change rebuild for libevent soname changes.
diff -Nru coturn-4.5.1.1/debian/control coturn-4.5.1.1/debian/control
--- coturn-4.5.1.1/debian/control 2019-05-26 14:11:04.000000000 +0000
+++ coturn-4.5.1.1/debian/control 2020-12-14 13:50:15.000000000 +0000
@@ -1,7 +1,8 @@
 Source: coturn
 Section: net
 Priority: optional
-Maintainer: Debian VoIP Team
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian VoIP Team
 Uploaders: Daniel Pocock ,
 Oleg Moskalenko ,
 Mészáros Mihály
diff -Nru coturn-4.5.1.1/debian/patches/CVE-2020-26262.patch coturn-4.5.1.1/debian/patches/CVE-2020-26262.patch
--- coturn-4.5.1.1/debian/patches/CVE-2020-26262.patch 1970-01-01 00:00:00.000000000 +0000
+++ coturn-4.5.1.1/debian/patches/CVE-2020-26262.patch 2020-12-14 13:50:15.000000000 +0000
@@ -0,0 +1,77 @@
+From: Sandro Gauci
+Date: Mon, 30 Nov 2020 14:02:35 +0100
+Subject: Fix-CVE-2020-26262-Enable-Security
+
+---
+ src/client/ns_turn_ioaddr.c | 29 +++++++++++++++++++++++++++--
+ src/client/ns_turn_ioaddr.h | 1 +
+ src/server/ns_turn_server.c | 2 ++
+ 3 files changed, 30 insertions(+), 2 deletions(-)
+
+--- coturn-4.5.1.1.orig/src/client/ns_turn_ioaddr.c
++++ coturn-4.5.1.1/src/client/ns_turn_ioaddr.c
+@@ -483,9 +483,9 @@ int ioa_addr_is_loopback(ioa_addr *addr)
+ return (u[0] == 127);
+ } else if(addr->ss.sa_family == AF_INET6) {
+ const u08bits *u = ((const u08bits*)&(addr->s6.sin6_addr));
+- if(u[7] == 1) {
++ if(u[15] == 1) {
+ int i;
+- for(i=0;i<7;++i) {
++ for(i=0;i<15;++i) {
+ if(u[i])
+ return 0;
+ }
+@@ -494,6 +494,31 @@ int ioa_addr_is_loopback(ioa_addr *addr)
+ }
+ }
+ return 0;
++}
++
++/*
++To avoid a vulnerability this function checks whether the addr is in 0.0.0.0/8 or ::/128.
++Source from (INADDR_ANY) 0.0.0.0/32 and (in6addr_any) ::/128 routed to loopback on Linux systems for old BSD backward compatibility.
++https://github.com/torvalds/linux/blob/a2f5ea9e314ba6778f885c805c921e9362ec0420/net/ipv6/tcp_ipv6.c#L182
++To avoid any trouble we match the whole 0.0.0.0/8 that defined in RFC6890 as local network "this".
++*/
++int ioa_addr_is_zero(ioa_addr *addr)
++{
++ if(addr) {
++ if(addr->ss.sa_family == AF_INET) {
++ const uint8_t *u = ((const uint8_t*)&(addr->s4.sin_addr));
++ return (u[0] == 0);
++ } else if(addr->ss.sa_family == AF_INET6) {
++ const uint8_t *u = ((const uint8_t*)&(addr->s6.sin6_addr));
++ int i;
++ for(i=0;i<=15;++i) {
++ if(u[i])
++ return 0;
++ }
++ return 1;
++ }
++ }
++ return 0;
+ }
+
+ /////// Map "public" address to "private" address //////////////
+--- coturn-4.5.1.1.orig/src/client/ns_turn_ioaddr.h
++++ coturn-4.5.1.1/src/client/ns_turn_ioaddr.h
+@@ -89,6 +89,7 @@ void ioa_addr_range_cpy(ioa_addr_range*
+
+ int ioa_addr_is_multicast(ioa_addr *a);
+ int ioa_addr_is_loopback(ioa_addr *addr);
++int ioa_addr_is_zero(ioa_addr *addr);
+
+ /////// Map "public" address to "private" address //////////////
+
+--- coturn-4.5.1.1.orig/src/server/ns_turn_server.c
++++ coturn-4.5.1.1/src/server/ns_turn_server.c
+@@ -273,6 +273,8 @@ static int good_peer_addr(turn_turnserve
+ return 0;
+ if( !*(server->allow_loopback_peers) && ioa_addr_is_loopback(peer_addr))
+ return 0;
++ if (ioa_addr_is_zero(peer_addr))
++ return 0;
+
+ {
+ int i;
diff -Nru coturn-4.5.1.1/debian/patches/CVE-2020-4067.patch coturn-4.5.1.1/debian/patches/CVE-2020-4067.patch
--- coturn-4.5.1.1/debian/patches/CVE-2020-4067.patch 1970-01-01 00:00:00.000000000 +0000
+++ coturn-4.5.1.1/debian/patches/CVE-2020-4067.patch 2020-12-14 13:50:15.000000000 +0000
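Review bot: `ioa_addr_is_zero()` in CVE-2020-26262.patch scans the IPv6 address by hand with `for(i=0;i<=15;++i)`, the same magic-index style whose wrong bound (`u[7]`, `i<7`) this patch has to correct in `ioa_addr_is_loopback()`. If `<netinet/in.h>` is in scope for ns_turn_ioaddr.c, `return IN6_IS_ADDR_UNSPECIFIED(&addr->s6.sin6_addr);` (and `IN6_IS_ADDR_LOOPBACK` in the loopback branch) states the intent without byte indices. The new test in `good_peer_addr()` is unconditional while the loopback test beside it is gated on `allow_loopback_peers`; a one-line comment such as `/* 0.0.0.0/8 and :: are always refused, regardless of allow_loopback_peers */` would record that this is deliberate. Whether IPv4-mapped IPv6 peer addresses are normalised before these checks is not visible here and is worth confirming; `good_peer_addr()` continues past the end of the hunk.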
@@ -0,0 +1,34 @@
+From fc1e0732069e95f2de3cf1a22d15c44bbd3cfaae Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?=
+Date: Mon, 22 Jun 2020 00:08:12 +0200
+Subject: [PATCH 1/2] init with zero any new or reused stun buffers
+
+[Salvatore Bonaccorso: backport to 4.5.1.1: Use consistently ns_bzero as it
+does not yet contain the upstream change 7a43aae7c3e1 ("Remove ns_bzero(),
+ns_bcopy(), and ns_bcmp()"). Adjust for context changes.]
+---
+ src/apps/relay/ns_ioalib_engine_impl.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/src/apps/relay/ns_ioalib_engine_impl.c
++++ b/src/apps/relay/ns_ioalib_engine_impl.c
+@@ -293,10 +293,19 @@ static stun_buffer_list_elem *new_blist_
+
+ if(!ret) {
+ ret = (stun_buffer_list_elem *)turn_malloc(sizeof(stun_buffer_list_elem));
++ /* init ns_bzero below will solve all of these in one step
+ ret->buf.len = 0;
+ ret->buf.offset = 0;
+ ret->buf.coffset = 0;
++ */
+ ret->next = NULL;
++ if (!ret) {
++ TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: Cannot allocate memory for STUN buffer!\n", __FUNCTION__);
++ }
++ }
++
++ if(ret) {
++ ns_bzero(&ret->buf, sizeof(stun_buffer));
+ }
+
+ return ret;
diff -Nru coturn-4.5.1.1/debian/patches/CVE-2020-6061.patch coturn-4.5.1.1/debian/patches/CVE-2020-6061.patch
--- coturn-4.5.1.1/debian/patches/CVE-2020-6061.patch 1970-01-01 00:00:00.000000000 +0000
+++ coturn-4.5.1.1/debian/patches/CVE-2020-6061.patch 2020-12-14 13:50:15.000000000 +0000
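Review bot: In CVE-2020-4067.patch the added `if (!ret)` allocation check comes after `ret->next = NULL;`, so a failed `turn_malloc()` is written through before the error is ever logged, unless `turn_malloc()` never returns NULL, which this hunk does not show. The store should be guarded, either by moving the check directly under the `turn_malloc` line or by writing `if (ret) ret->next = NULL;`. Because `ns_bzero(&ret->buf, sizeof(stun_buffer))` clears only the `buf` member, `next` still needs its explicit assignment; a short comment saying so would stop a later cleanup from dropping it. The function (`new_blist_…` in the hunk header) starts before the hunk.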
@@ -0,0 +1,28 @@
+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?=
+Date: Mon, 17 Feb 2020 10:34:56 +0100
+Subject: Fix: CVE-2020-6061/TALOS-2020-0984
+Origin: https://github.com/coturn/coturn/commit/51a7c2b9bf924890c7a3ff4db9c4976c5a93340a
+Bug: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
+Bug-Debian: https://bugs.debian.org/951876
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-6061
+
+---
+ src/apps/relay/http_server.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c
+index 573af49b5ce9..1126b49c1526 100644
+--- a/src/apps/relay/http_server.c
++++ b/src/apps/relay/http_server.c
+@@ -103,7 +103,7 @@ const char* get_http_date_header()
+
+ static struct headers_list * post_parse(char *data, size_t data_len)
+ {
+- while((*data=='\r')||(*data=='\n')) ++data;
++ while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
+ char *post_data = (char*)calloc(data_len + 1, sizeof(char));
+ memcpy(post_data, data, data_len);
+ char *fmarker = NULL;
+--
+2.27.0
+
diff -Nru coturn-4.5.1.1/debian/patches/CVE-2020-6062.patch coturn-4.5.1.1/debian/patches/CVE-2020-6062.patch
--- coturn-4.5.1.1/debian/patches/CVE-2020-6062.patch 1970-01-01 00:00:00.000000000 +0000
+++ coturn-4.5.1.1/debian/patches/CVE-2020-6062.patch 2020-12-14 13:50:15.000000000 +0000
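Review bot: The rewritten loop in `post_parse()` still tests `*data` without consulting `data_len`, so when `data_len` is smaller than the run of leading CR/LF bytes the unsigned counter wraps and the wrapped value reaches `calloc(data_len + 1, ...)` and `memcpy`. Whether the caller rules that out is not visible in this hunk. Bounding the loop removes the dependency: `while(data_len && ((*data=='\r')||(*data=='\n'))) { ++data; --data_len; }`. The same line is carried unchanged as context into CVE-2020-6062.patch, so the bound would need to land there as well; `post_parse()` continues beyond the hunk.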
@@ -0,0 +1,89 @@
+From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?=
+Date: Tue, 18 Feb 2020 12:31:38 +0100
+Subject: Fix: CVE-2020-6062 / TALOS-2020-0985
+Origin: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
+Bug: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
+Bug-Debian: https://bugs.debian.org/951876
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-6062
+
+[Salvatore Bonaccorso: backport to 4.5.1.1: Use consistently ns_bzero as it
+does not yet contain the upstream change 7a43aae7c3e1 ("Remove ns_bzero(),
+ns_bcopy(), and ns_bcmp()")]
+---
+ src/apps/relay/http_server.c | 63 ++++++++++++++++++++----------------
+ 1 file changed, 36 insertions(+), 27 deletions(-)
+
+--- a/src/apps/relay/http_server.c
++++ b/src/apps/relay/http_server.c
+@@ -104,35 +104,44 @@ const char* get_http_date_header()
+ static struct headers_list * post_parse(char *data, size_t data_len)
+ {
+ while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
+- char *post_data = (char*)calloc(data_len + 1, sizeof(char));
+- memcpy(post_data, data, data_len);
+- char *fmarker = NULL;
+- char *fsplit = strtok_r(post_data, "&", &fmarker);
+- struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
+- ns_bzero(list,sizeof(struct headers_list));
+- while (fsplit != NULL) {
+- char *vmarker = NULL;
+- char *key = strtok_r(fsplit, "=", &vmarker);
+- char *value = strtok_r(NULL, "=", &vmarker);
+- char empty[1];
+- empty[0]=0;
+- value = value ? value : empty;
+- value = evhttp_decode_uri(value);
+- char *p = value;
+- while (*p) {
+- if (*p == '+')
+- *p = ' ';
+- p++;
++ if (data_len) {
++ char *post_data = (char*)calloc(data_len + 1, sizeof(char));
++ if (post_data != NULL) {
++ memcpy(post_data, data, data_len);
++ char *fmarker = NULL;
++ char *fsplit = strtok_r(post_data, "&", &fmarker);
++ struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
++ ns_bzero(list,sizeof(struct headers_list));
++ while (fsplit != NULL) {
++ char *vmarker = NULL;
++ char *key = strtok_r(fsplit, "=", &vmarker);
++ if (key == NULL)
++ break;
++ else {
++ char *value = strtok_r(NULL, "=", &vmarker);
++ char empty[1];
++ empty[0]=0;
++ value = value ? value : empty;
++ value = evhttp_decode_uri(value);
++ char *p = value;
++ while (*p) {
++ if (*p == '+')
++ *p = ' ';
++ p++;
++ }
++ list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
++ list->keys[list->n] = strdup(key);
++ list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
++ list->values[list->n] = value;
++ ++(list->n);
++ fsplit = strtok_r(NULL, "&", &fmarker);
++ }
++ }
++ free(post_data);
++ return list;
+ }
+- list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
+- list->keys[list->n] = strdup(key);
+- list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
+- list->values[list->n] = value;
+- ++(list->n);
+- fsplit = strtok_r(NULL, "&", &fmarker);
+ }
+- free(post_data);
+- return list;
++ return NULL;
+ }
+
+ static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post)
diff -Nru coturn-4.5.1.1/debian/patches/series coturn-4.5.1.1/debian/patches/series
--- coturn-4.5.1.1/debian/patches/series 2019-03-02 23:07:47.000000000 +0000
+++ coturn-4.5.1.1/debian/patches/series 2020-12-14 13:50:15.000000000 +0000
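Review bot: In the new `post_parse()` body of CVE-2020-6062.patch, `list` comes from `malloc` and goes straight into `ns_bzero(list,sizeof(struct headers_list))`, and the pointer returned by `evhttp_decode_uri(value)` is walked with `while (*p)`, both without the NULL test the patch adds for `post_data`. Add `if (list == NULL) { free(post_data); return NULL; }` after the `malloc`, and stop parsing when decoding fails with `if (value == NULL) break;`. The two `realloc` calls assign straight back to `list->keys` and `list->values`, so a failed grow loses the old array and the following index store writes through NULL; a temporary pointer checked before assignment avoids both. The function now returns NULL for an empty or unallocatable body, so callers outside this hunk need to tolerate that.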
@@ -1 +1,5 @@
 Set-logging-to-syslog.patch
+CVE-2020-6061.patch
+CVE-2020-6062.patch
+CVE-2020-4067.patch
+CVE-2020-26262.patch