diff -Nru exuberant-ctags-5.9~svn20110310/debian/changelog exuberant-ctags-5.9~svn20110310/debian/changelog --- exuberant-ctags-5.9~svn20110310/debian/changelog 2018-05-05 13:06:18.000000000 +0000 +++ exuberant-ctags-5.9~svn20110310/debian/changelog 2023-01-22 22:41:30.000000000 +0000 @@ -1,3 +1,13 @@ +exuberant-ctags (1:5.9~svn20110310-12ubuntu0.1) focal-security; urgency=medium + + * SECURITY UPDATE: arbitrary command execution via a tag file with a crafted + filename + - debian/patches/CVE-2022-4515.patch: quote output file name before + passing it to system(3) function + - CVE-2022-4515 + + -- David Lane Mon, 23 Jan 2023 09:41:30 +1100 + exuberant-ctags (1:5.9~svn20110310-12) unstable; urgency=medium * Move VCS to salsa.debian.org. diff -Nru exuberant-ctags-5.9~svn20110310/debian/control exuberant-ctags-5.9~svn20110310/debian/control --- exuberant-ctags-5.9~svn20110310/debian/control 2018-05-05 13:06:07.000000000 +0000 +++ exuberant-ctags-5.9~svn20110310/debian/control 2023-01-22 22:41:30.000000000 +0000 @@ -1,7 +1,8 @@ Source: exuberant-ctags Section: editors Priority: optional -Maintainer: Colin Watson +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Colin Watson Build-Depends: dpkg (>= 1.16.1~), debhelper (>= 9), dh-autoreconf Standards-Version: 3.9.6 Homepage: http://ctags.sourceforge.net/ diff -Nru exuberant-ctags-5.9~svn20110310/debian/patches/CVE-2022-4515.patch exuberant-ctags-5.9~svn20110310/debian/patches/CVE-2022-4515.patch --- exuberant-ctags-5.9~svn20110310/debian/patches/CVE-2022-4515.patch 1970-01-01 00:00:00.000000000 +0000 +++ exuberant-ctags-5.9~svn20110310/debian/patches/CVE-2022-4515.patch 2023-01-22 22:32:32.000000000 +0000 
@@ -0,0 +1,198 @@ +From e00c55d7a0204dc1d0ae316141323959e1e16162 Mon Sep 17 00:00:00 2001 +From: Masatake YAMATO +Date: Mon, 24 Oct 2016 23:52:23 +0900 +Subject: [PATCH] main: quote output file name before passing it to system(3) + function + +Following command line doesn't work: + + $ ctags -o 'a b' ... + +because a shell lauched from system(3) deals a whitespace between 'a' +and 'b' as a separator. The output file name is passed to system(3) +to run external sort command. + +This commit adds code to put double and single quoets around the output +file name before passing it to system(3). + +The issue is reported by Lorenz Hipp in a private mail. + +Signed-off-by: Masatake YAMATO +--- + Tmain/abnormal-output-file-names.d/input.c | 1 + + Tmain/abnormal-output-file-names.d/run.sh | 39 ++++++++++++++ + .../stderr-expected.txt | 0 + .../stdout-expected.txt | 8 +++ + sort.c | 63 ++++++++++++++++++---- + 5 files changed, 101 insertions(+), 10 deletions(-) + create mode 100644 Tmain/abnormal-output-file-names.d/input.c + create mode 100644 Tmain/abnormal-output-file-names.d/run.sh + create mode 100644 Tmain/abnormal-output-file-names.d/stderr-expected.txt + create mode 100644 Tmain/abnormal-output-file-names.d/stdout-expected.txt + +Index: exuberant-ctags-5.9~svn20110310/Tmain/abnormal-output-file-names.d/input.c +=================================================================== +--- /dev/null ++++ exuberant-ctags-5.9~svn20110310/Tmain/abnormal-output-file-names.d/input.c +@@ -0,0 +1 @@ ++int x; +Index: exuberant-ctags-5.9~svn20110310/Tmain/abnormal-output-file-names.d/run.sh +=================================================================== +--- /dev/null ++++ exuberant-ctags-5.9~svn20110310/Tmain/abnormal-output-file-names.d/run.sh +@@ -0,0 +1,39 @@ ++# Copyright: 2016 Masatake YAMATO ++# License: GPL-2 ++ ++CTAGS=$1 ++ ++rm -f ./"'" ++rm -f ./'"' ++rm -f ./'$(ls)' ++rm -f ./'a b' ++ ++${CTAGS} --quiet --options=NONE -o ./"'" --extra=-pF input.c ++${CTAGS} --quiet 
--options=NONE -o ./'"' --extra=-pF input.c ++${CTAGS} --quiet --options=NONE -o ./'$(ls)' --extra=-pF input.c ++${CTAGS} --quiet --options=NONE -o ./'a b' --extra=-pF input.c ++ ++echo '#' SINGLE QUOTE ++if [ -e "'" ]; then ++ cat "'" ++fi ++ ++echo '#' DOUBLE QUOTES ++if [ -e '"' ]; then ++ cat '"' ++fi ++ ++echo '#' PROCESS SUBSTITUTION ++if [ -e '$(ls)' ]; then ++ cat '$(ls)' ++fi ++ ++echo '#' SPACE ++if [ -e 'a b' ]; then ++ cat 'a b' ++fi ++ ++rm -f ./"'" ++rm -f ./'"' ++rm -f ./'$(ls)' ++rm -f ./'a b' +Index: exuberant-ctags-5.9~svn20110310/Tmain/abnormal-output-file-names.d/stdout-expected.txt +=================================================================== +--- /dev/null ++++ exuberant-ctags-5.9~svn20110310/Tmain/abnormal-output-file-names.d/stdout-expected.txt +@@ -0,0 +1,8 @@ ++# SINGLE QUOTE ++x input.c /^int x;$/;" v typeref:typename:int ++# DOUBLE QUOTES ++x input.c /^int x;$/;" v typeref:typename:int ++# PROCESS SUBSTITUTION ++x input.c /^int x;$/;" v typeref:typename:int ++# SPACE ++x input.c /^int x;$/;" v typeref:typename:int +Index: exuberant-ctags-5.9~svn20110310/sort.c +=================================================================== +--- exuberant-ctags-5.9~svn20110310.orig/sort.c ++++ exuberant-ctags-5.9~svn20110310/sort.c +@@ -19,6 +19,7 @@ + #endif + #include + #include ++#include + + #include "debug.h" + #include "entry.h" +@@ -53,17 +54,44 @@ extern void catFile (const char *const n + # define PE_CONST const + #endif + ++/* ++ Output file name should not be evaluated in system(3) function. ++ The name must be used as is. Quotations are required to block the ++ evaluation. ++ ++ Normal single-quotes are used to quote a cstring: ++ a => 'a' ++ " => '"' ++ ++ If a single-quote is included in the cstring, use double quotes for quoting it. 
++ ' => ''"'"'' ++*/ ++static void appendCstringWithQuotes (vString *dest, const char* cstr) ++{ ++ const char* o; ++ ++ vStringPut (dest, '\''); ++ for (o = cstr; *o; o++) ++ { ++ if (*o == '\'') ++ vStringCatS (dest, "'\"'\"'"); ++ else ++ vStringPut (dest, *o); ++ } ++ vStringPut (dest, '\''); ++} ++ + extern void externalSortTags (const boolean toStdout) + { + const char *const sortNormalCommand = "sort -u -o"; + const char *const sortFoldedCommand = "sort -u -f -o"; + const char *sortCommand = + Option.sorted == SO_FOLDSORTED ? sortFoldedCommand : sortNormalCommand; ++# ifndef HAVE_SETENV + PE_CONST char *const sortOrder1 = "LC_COLLATE=C"; + PE_CONST char *const sortOrder2 = "LC_ALL=C"; +- const size_t length = 4 + strlen (sortOrder1) + strlen (sortOrder2) + +- strlen (sortCommand) + (2 * strlen (tagFileName ())); +- char *const cmd = (char *) malloc (length + 1); ++# endif ++ vString *cmd = vStringNew (); + int ret = -1; + + if (cmd != NULL) +@@ -73,20 +101,35 @@ extern void externalSortTags (const bool + #ifdef HAVE_SETENV + setenv ("LC_COLLATE", "C", 1); + setenv ("LC_ALL", "C", 1); +- sprintf (cmd, "%s %s %s", sortCommand, tagFileName (), tagFileName ()); ++ vStringCatS (cmd, sortCommand); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); + #else + # ifdef HAVE_PUTENV + putenv (sortOrder1); + putenv (sortOrder2); +- sprintf (cmd, "%s %s %s", sortCommand, tagFileName (), tagFileName ()); ++ vStringCatS (cmd, sortOrder1); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); + # else +- sprintf (cmd, "%s %s %s %s %s", sortOrder1, sortOrder2, sortCommand, +- tagFileName (), tagFileName ()); ++ vStringCatS (cmd, sortOrder1); ++ vStringPut (cmd, ' '); ++ vStringCatS (cmd, sortOrder2); ++ vStringPut (cmd, ' '); ++ vStringCatS (cmd, sortCommand); ++ vStringPut (cmd, 
' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); ++ vStringPut (cmd, ' '); ++ appendCstringWithQuotes (cmd, tagFileName ()); + # endif + #endif +- verbose ("system (\"%s\")\n", cmd); +- ret = system (cmd); +- free (cmd); ++ verbose ("system (\"%s\")\n", vStringValue (cmd)); ++ ret = system (vStringValue (cmd)); ++ vStringDelete (cmd); + + } + if (ret != 0) diff -Nru exuberant-ctags-5.9~svn20110310/debian/patches/series exuberant-ctags-5.9~svn20110310/debian/patches/series --- exuberant-ctags-5.9~svn20110310/debian/patches/series 2015-03-14 00:01:58.000000000 +0000 +++ exuberant-ctags-5.9~svn20110310/debian/patches/series 2023-01-22 22:32:24.000000000 +0000 @@ -4,3 +4,4 @@ go.patch jscript-set-tag-scope.patch reproducible.patch +CVE-2022-4515.patch
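Review bot: In the `# ifdef HAVE_PUTENV` branch of externalSortTags in the embedded sort.c patch, the rebuilt command begins with `vStringCatS (cmd, sortOrder1);` where the removed `sprintf` passed `sortCommand`. On a build that takes that branch, the string handed to system(3) would be `LC_COLLATE=C` followed by the two quoted tag file names, with no `sort` in it, so the shell would treat the tag file itself as the command to run. That line should read `vStringCatS (cmd, sortCommand);`, as in the HAVE_SETENV branch; builds that define HAVE_SETENV are unaffected, which is presumably why the regression goes unnoticed. Separately, appendCstringWithQuotes only blocks shell evaluation: a tag file name beginning with `-` still appears to reach sort as an option in the input position, so a `--` separator, or an exec-style call that avoids the shell, would be a worthwhile follow-up. The body of externalSortTags continues beyond the last line of the sort.c hunk.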