diff -Nru flightgear-3.4.0/debian/changelog flightgear-3.4.0/debian/changelog
--- flightgear-3.4.0/debian/changelog	2016-01-05 19:55:49.000000000 +0000
+++ flightgear-3.4.0/debian/changelog	2020-10-08 19:42:44.000000000 +0000
@@ -1,3 +1,20 @@
+flightgear (3.4.0-3ubuntu1.1) xenial-security; urgency=medium
+
+  * SECURITY UPDATE: Improper Access Control
+    - debian/patches/route-manager-secu-fix-280cd5.patch: don't allow the
+      route manager to overwrite arbitrary files.
+    - CVE-2016-9956
+
+ -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Thu, 08 Oct 2020 19:25:39 +0000
+
+flightgear (3.4.0-3ubuntu1) xenial; urgency=medium
+
+  * Fix icon install to fix FlightGear missing from the Software
+    app. This also improves the resolution of Flightgear's app icon
+    (LP: #1591115)
+
+ -- Jeremy Bicha <jbicha@ubuntu.com>  Thu, 28 Jul 2016 23:49:43 -0400
+
 flightgear (3.4.0-3) unstable; urgency=medium
 
   * Correct libpng dependency. Closes: #809835.
diff -Nru flightgear-3.4.0/debian/control flightgear-3.4.0/debian/control
--- flightgear-3.4.0/debian/control	2016-01-05 19:05:35.000000000 +0000
+++ flightgear-3.4.0/debian/control	2016-07-29 04:15:03.000000000 +0000
@@ -1,7 +1,8 @@
 Source: flightgear
 Section: games
 Priority: extra
-Maintainer: Debian FlightGear Crew <pkg-fgfs-crew@lists.alioth.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian FlightGear Crew <pkg-fgfs-crew@lists.alioth.debian.org>
 Uploaders: Ove Kaaven <ovek@arcticnet.no>,
  Markus Wanner <markus@bluegap.ch>
 Build-Depends: debhelper (>= 9.20120417), libx11-dev, libxext-dev,
diff -Nru flightgear-3.4.0/debian/flightgear.install flightgear-3.4.0/debian/flightgear.install
--- flightgear-3.4.0/debian/flightgear.install	2015-11-05 19:43:55.000000000 +0000
+++ flightgear-3.4.0/debian/flightgear.install	2016-07-29 04:15:03.000000000 +0000
@@ -1,6 +1,7 @@
 usr/games
 usr/share
-icons/??x??                usr/share/icons/
+icons/??x??                usr/share/icons/hicolor
+icons/???x???              usr/share/icons/hicolor
 icons/*.xpm                usr/share/pixmaps/
-icons/scalable/*.svg       usr/share/icons/scalable/apps/
-debian/flightgear.desktop  usr/share/applications
\ No newline at end of file
+icons/scalable/*.svg       usr/share/icons/hicolor/scalable/apps
+debian/flightgear.desktop  usr/share/applications
diff -Nru flightgear-3.4.0/debian/patches/route-manager-secu-fix-280cd5.patch flightgear-3.4.0/debian/patches/route-manager-secu-fix-280cd5.patch
--- flightgear-3.4.0/debian/patches/route-manager-secu-fix-280cd5.patch	1970-01-01 00:00:00.000000000 +0000
+++ flightgear-3.4.0/debian/patches/route-manager-secu-fix-280cd5.patch	2020-10-08 19:25:06.000000000 +0000
@@ -0,0 +1,52 @@
+Description: Security fix: don't allow the route manager to overwrite arbitrary files
+ Since the Save function of the route manager can be triggered from Nasal with
+ an arbitrary path, we must check the path before overwriting the file.
+ .
+ (also add a missing include that is directly needed for this commit)
+Author: Florent Rougon <f.rougon@free.fr>
+Origin: upstream, https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/
+
+--- flightgear-3.4.0.orig/src/Autopilot/route_mgr.cxx
++++ flightgear-3.4.0/src/Autopilot/route_mgr.cxx
+@@ -47,6 +47,7 @@
+ #include <simgear/misc/sg_path.hxx>
+ #include <simgear/sg_inlines.h>
+ 
++#include <Main/globals.hxx>
+ #include "Main/fg_props.hxx"
+ #include "Navaids/positioned.hxx"
+ #include <Navaids/waypoint.hxx>
+@@ -57,6 +58,8 @@
+ #include "Airports/runways.hxx"
+ #include <GUI/new_gui.hxx>
+ #include <GUI/dialog.hxx>
++#include <Main/util.hxx>        // fgValidatePath()
++#include <GUI/MessageBox.hxx>
+ 
+ #define RM "/autopilot/route-manager/"
+ 
+@@ -712,7 +715,23 @@ void FGRouteMgr::InputListener::valueCha
+       mgr->loadRoute(path);
+     } else if (!strcmp(s, "@SAVE")) {
+       SGPath path(mgr->_pathNode->getStringValue());
+-      mgr->saveRoute(path);
++      const std::string authorizedPath = fgValidatePath(path.str(),
++                                                        true /* write */);
++
++      if (!authorizedPath.empty()) {
++        mgr->saveRoute(authorizedPath);
++      } else {
++        const SGPath proposedPath = SGPath(globals->get_fg_home()) / "Export";
++        std::string msg =
++          "The route manager was asked to write the flightplan to '" +
++          path.str() + "', but this path is not authorized for writing. " +
++          "Please choose another location, for instance in the $FG_HOME/Export "
++          "folder (" + proposedPath.str() + ").";
++
++        SG_LOG(SG_AUTOPILOT, SG_ALERT, msg);
++        modalMessageBox("FlightGear", "Unable to write to the specified file",
++                        msg);
++      }
+     } else if (!strcmp(s, "@NEXT")) {
+       mgr->jumpToIndex(mgr->currentIndex() + 1);
+     } else if (!strcmp(s, "@PREVIOUS")) {
diff -Nru flightgear-3.4.0/debian/patches/series flightgear-3.4.0/debian/patches/series
--- flightgear-3.4.0/debian/patches/series	2016-01-05 19:34:08.000000000 +0000
+++ flightgear-3.4.0/debian/patches/series	2020-10-08 19:25:06.000000000 +0000
@@ -4,3 +4,4 @@
 spelling.patch
 add-x11-lib.patch
 spelling2.patch
+route-manager-secu-fix-280cd5.patch