diff -Nru db5.3-5.3.28/debian/changelog db5.3-5.3.28/debian/changelog
--- db5.3-5.3.28/debian/changelog 2015-08-25 12:36:33.000000000 +0000
+++ db5.3-5.3.28/debian/changelog 2019-06-03 14:41:41.000000000 +0000
@@ -1,3 +1,20 @@
+db5.3 (5.3.28-11ubuntu0.2) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: Heap out-of-bounds read
+ - debian/patches/CVE-2019-8457.patch: enhance the rtreenode
+ function in lang/sql/sqlite/ext/rtree/rtree.c.
+ - CVE-2019-8457
+
+ -- Leonidas S. Barbosa Mon, 03 Jun 2019 11:41:41 -0300
+
+db5.3 (5.3.28-11ubuntu0.1) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: Berkeley DB reads DB_CONFIG from cwd
+ - debian/patches/CVE-2017-10140.patch in src/env/env_open.c.
+ - CVE-2017-10140
+
+ -- Leonidas S. Barbosa Tue, 21 Nov 2017 11:09:30 -0300
+
 db5.3 (5.3.28-11) unstable; urgency=medium
 
 * Fix gitweb URL (Closes: #793114)
diff -Nru db5.3-5.3.28/debian/control db5.3-5.3.28/debian/control
--- db5.3-5.3.28/debian/control 2015-08-25 12:36:33.000000000 +0000
+++ db5.3-5.3.28/debian/control 2017-11-21 17:06:50.000000000 +0000
@@ -1,7 +1,8 @@
 Source: db5.3
 Section: libs
 Priority: standard
-Maintainer: Debian Berkeley DB Group
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian Berkeley DB Group
 Uploaders: Ondřej Surý , Dmitrijs Ledkovs
 Standards-Version: 3.9.6
 # For cross building one also needs tcl8.4:native (ie. such that it
diff -Nru db5.3-5.3.28/debian/patches/CVE-2017-10140.patch db5.3-5.3.28/debian/patches/CVE-2017-10140.patch
--- db5.3-5.3.28/debian/patches/CVE-2017-10140.patch 1970-01-01 00:00:00.000000000 +0000
+++ db5.3-5.3.28/debian/patches/CVE-2017-10140.patch 2017-11-21 14:09:21.000000000 +0000
@@ -0,0 +1,22 @@
+Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
+ Do not access DB_CONFIG when db_home is not set.
+Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
+Bug-Debian: https://bugs.debian.org/872436
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
+Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
+Forwarded: no
+Author: Petr Kubat
+Reviewed-by: Salvatore Bonaccorso
+Last-Update: 2017-08-17
+
+--- db-5.3.28/src/env/env_open.c.old 2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/src/env/env_open.c 2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+
+ /* Read the DB_CONFIG file. */
+- if ((ret = __env_read_db_config(env)) != 0)
++ if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ return (ret);
+
+ /*
diff -Nru db5.3-5.3.28/debian/patches/CVE-2019-8457.patch db5.3-5.3.28/debian/patches/CVE-2019-8457.patch
--- db5.3-5.3.28/debian/patches/CVE-2019-8457.patch 1970-01-01 00:00:00.000000000 +0000
+++ db5.3-5.3.28/debian/patches/CVE-2019-8457.patch 2019-06-03 14:41:35.000000000 +0000
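Review bot: The comment `/* Read the DB_CONFIG file. */` above the new guard in env_open.c no longer matches the code, since the read is now deliberately skipped when `env->db_home` is NULL; I would change it to `/* Read DB_CONFIG only from an explicit home, never from the cwd (CVE-2017-10140). */` so the condition is not simplified away later. The guard covers only the unset case, so a home that is set but empty or relative would presumably still resolve against the working directory; that depends on how `db_home` is filled in earlier in the enclosing function, which starts and ends outside this hunk. Programs that relied on a DB_CONFIG in the working directory now lose those settings without any message, which the changelog entry could state.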
@@ -0,0 +1,65 @@ +diff --git a/lang/sql/sqlite/ext/rtree/rtree.c b/lang/sql/sqlite/ext/rtree/rtree.c +index ebf430a..f7795c5 100644 +--- a/lang/sql/sqlite/ext/rtree/rtree.c ++++ b/lang/sql/sqlite/ext/rtree/rtree.c +@@ -3089,38 +3089,45 @@ static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){ + RtreeNode node; + Rtree tree; + int ii; ++ int nData; ++ int errCode; ++ sqlite3_str *pOut; + + UNUSED_PARAMETER(nArg); + memset(&node, 0, sizeof(RtreeNode)); + memset(&tree, 0, sizeof(Rtree)); + tree.nDim = sqlite3_value_int(apArg[0]); ++ if( tree.nDim<1 || tree.nDim>5 ) return; + tree.nBytesPerCell = 8 + 8 * tree.nDim; + node.zData = (u8 *)sqlite3_value_blob(apArg[1]); ++ nData = sqlite3_value_bytes(apArg[1]); ++ if( nData<4 ) return; ++ if( nData0 ) sqlite3_str_append(pOut, " ", 1); ++ sqlite3_str_appendf(pOut, "{%lld", cell.iRowid); + for(jj=0; jj