diff -Nru giflib-5.1.4/debian/changelog giflib-5.1.4/debian/changelog
--- giflib-5.1.4/debian/changelog 2018-02-11 14:43:54.000000000 +0000
+++ giflib-5.1.4/debian/changelog 2019-08-19 18:35:19.000000000 +0000
@@ -1,3 +1,22 @@
+giflib (5.1.4-2ubuntu0.1) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: Denial of service
+ - debian/patches/CVE-2016-3977.patch: fix SF
+ in heap buff overflow in lib/dgif_lig.c,
+ util/gif2rgb.c.
+ - CVE-2016-3977
+ * SECURITY UPDATE: Denial of service
+ - debian/patches/CVE-2018-11490.patch: adding checks
+ in DGifDecompressLine in order to avoid a heap buffer overflow and
+ a denial of service in lib/dgif_lib.c.
+ - CVE-2018-11490
+ * SECURITY UPDATE: Divide-by-zero
+ - debian/patches/CVE-2019-15133.patch: adding checks bounds
+ in lib/dgif_lib.c.
+ - CVE-2019-15133
+
+ -- Leonidas S. Barbosa Mon, 19 Aug 2019 15:35:19 -0300
+
 giflib (5.1.4-2) unstable; urgency=low
 
 * QA upload.
diff -Nru giflib-5.1.4/debian/control giflib-5.1.4/debian/control
--- giflib-5.1.4/debian/control 2018-02-11 14:25:36.000000000 +0000
+++ giflib-5.1.4/debian/control 2019-08-19 18:35:19.000000000 +0000
@@ -1,7 +1,8 @@
 Source: giflib
 Section: libs
 Priority: optional
-Maintainer: Debian QA Group
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian QA Group
 Build-Depends: debhelper (>= 10), xmlto
 Standards-Version: 4.1.3
 Homepage: http://giflib.sourceforge.net/
diff -Nru giflib-5.1.4/debian/patches/CVE-2016-3977.patch giflib-5.1.4/debian/patches/CVE-2016-3977.patch
--- giflib-5.1.4/debian/patches/CVE-2016-3977.patch 1970-01-01 00:00:00.000000000 +0000
+++ giflib-5.1.4/debian/patches/CVE-2016-3977.patch 2019-08-19 18:33:36.000000000 +0000
@@ -0,0 +1,83 @@
+From ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88 Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond"
+Date: Sat, 2 Apr 2016 13:03:47 -0400
+Subject: [PATCH] Fix SF bug #87 Heap buffer overflow in 5.1.2 (gif2rgb).
+
+---
+ NEWS | 8 ++++++++
+ lib/dgif_lib.c | 5 +++++
+ util/gif2rgb.c | 10 ++++++++--
+ 3 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 7209705..ce44959 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,5 +1,13 @@
+ GIFLIB NEWS
+ 
++Repository head
++===============
++
++Code Fixes
++----------
++
++* Fix SF bug #87 Heap buffer overflow in 5.1.2 (gif2rgb).
++
+ 
+ Version 5.1.4
+ =============
+diff --git a/lib/dgif_lib.c b/lib/dgif_lib.c
+index 66a1d6a..3b650b8 100644
+--- a/lib/dgif_lib.c
++++ b/lib/dgif_lib.c
+@@ -289,6 +289,11 @@ DGifGetScreenDesc(GifFileType *GifFile)
+ GifFile->SColorMap = NULL;
+ }
+ 
++ /*
++ * No check here for whether the background color is in range for the
++ * screen color map. Possibly there should be.
++ */
++
+ return GIF_OK;
+ }
+ 
+diff --git a/util/gif2rgb.c b/util/gif2rgb.c
+index e39f37b..da791a2 100644
+--- a/util/gif2rgb.c
++++ b/util/gif2rgb.c
+@@ -15,7 +15,7 @@ Toshio Kuratomi had written this in a comment about the rgb2gif code:
+ 
+ I (ESR) took this off the main to-do list in 2012 because I don't think
+ the GIFLIB project actually needs to be in the converters-and-tools business.
+-Plenty of hackers do that; our jub is to supply stable library capability
++Plenty of hackers do that; our job is to supply stable library capability
+ with our utilities mainly interesting as test tools.
+ 
+ ***************************************************************************/
+@@ -461,7 +461,7 @@ static void GIF2RGB(int NumFiles, char *FileName,
+ break;
+ }
+ } while (RecordType != TERMINATE_RECORD_TYPE);
+-
++
+ /* Lets dump it - set the global variables required and do it: */
+ ColorMap = (GifFile->Image.ColorMap
+ ? GifFile->Image.ColorMap
+@@ -471,6 +471,12 @@ static void GIF2RGB(int NumFiles, char *FileName,
+ exit(EXIT_FAILURE);
+ }
+ 
++ /* check that the background color isn't garbage (SF bug #87) */
++ if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) {
++ fprintf(stderr, "Background color out of range for colormap\n");
++ exit(EXIT_FAILURE);
++ }
++
+ DumpScreen2RGB(OutFileName, OneFileFlag,
+ ColorMap,
+ ScreenBuffer,
+--
+2.22.0
+
diff -Nru giflib-5.1.4/debian/patches/CVE-2018-11490.patch giflib-5.1.4/debian/patches/CVE-2018-11490.patch
--- giflib-5.1.4/debian/patches/CVE-2018-11490.patch 1970-01-01 00:00:00.000000000 +0000
+++ giflib-5.1.4/debian/patches/CVE-2018-11490.patch 2019-08-19 18:34:03.000000000 +0000
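Review bot: In CVE-2016-3977.patch the range check on `GifFile->SBackGroundColor` is added only to GIF2RGB() in util/gif2rgb.c, so the library still hands every other caller an unvalidated background index; the comment added to DGifGetScreenDesc() in lib/dgif_lib.c admits this ("Possibly there should be"). Any other consumer that uses SBackGroundColor to index a color map keeps the same out-of-range access until it validates the value itself. At minimum the library comment should state the caller obligation rather than leave it open, e.g. `/* SBackGroundColor is not range-checked against SColorMap->ColorCount here; callers must validate it before indexing a color map. */`. Both functions start and end outside their hunks, so whether DGifGetScreenDesc() could safely reject such a file outright cannot be judged from this patch alone.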
@@ -0,0 +1,24 @@
+From 08438a5098f3bb1de23a29334af55eba663f75bd Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond"
+Date: Sat, 9 Feb 2019 10:52:21 -0500
+Subject: [PATCH] Address SF bug #113: Heap Buffer Overflow-2 in function
+ DGifDecompressLine()...
+
+This was CVE-2018-11490
+---
+ lib/dgif_lib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: giflib-5.1.4/lib/dgif_lib.c
+===================================================================
+--- giflib-5.1.4.orig/lib/dgif_lib.c
++++ giflib-5.1.4/lib/dgif_lib.c
+@@ -901,7 +901,7 @@ DGifDecompressLine(GifFileType *GifFile,
+ while (StackPtr != 0 && i < LineLen)
+ Line[i++] = Stack[--StackPtr];
+ }
+- if (LastCode != NO_SUCH_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
++ if (LastCode != NO_SUCH_CODE && Private->RunningCode - 2 < LZ_MAX_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
+ Prefix[Private->RunningCode - 2] = LastCode;
+ 
+ if (CrntCode == Private->RunningCode - 2) {
diff -Nru giflib-5.1.4/debian/patches/CVE-2019-15133.patch giflib-5.1.4/debian/patches/CVE-2019-15133.patch
--- giflib-5.1.4/debian/patches/CVE-2019-15133.patch 1970-01-01 00:00:00.000000000 +0000
+++ giflib-5.1.4/debian/patches/CVE-2019-15133.patch 2019-08-19 18:34:37.000000000 +0000
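Review bot: In CVE-2018-11490.patch the new guard in DGifDecompressLine() bounds `Private->RunningCode - 2` only from above (`< LZ_MAX_CODE`), yet the same expression indexes `Prefix` for both the read in the condition and the write `Prefix[Private->RunningCode - 2] = LastCode` on the following line. Whether RunningCode can be below 2 at this point is not decidable from the hunk, since the function body and the declaration of `Prefix` lie outside it; if it can, a negative index would pass the check. Adding `Private->RunningCode >= 2 &&` ahead of the upper bound, or a one-line comment stating the invariant that rules it out, would settle the lower end.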
@@ -0,0 +1,17 @@
+From 799eb6a3af8a3dd81e2429bf11a72a57e541f908 Mon Sep 17 00:00:00 2001
+From: "Eric S. Raymond"
+Date: Sun, 17 Mar 2019 12:37:21 -0400
+Subject: [PATCH] Address SF bug #119: MemorySanitizer: FPE on unknown address
+Index: giflib-5.1.4/lib/dgif_lib.c
+===================================================================
+--- giflib-5.1.4.orig/lib/dgif_lib.c
++++ giflib-5.1.4/lib/dgif_lib.c
+@@ -1104,7 +1104,7 @@ DGifSlurp(GifFileType *GifFile)
+ 
+ sp = &GifFile->SavedImages[GifFile->ImageCount - 1];
+ /* Allocate memory for the image */
+- if (sp->ImageDesc.Width < 0 && sp->ImageDesc.Height < 0 &&
++ if (sp->ImageDesc.Width <= 0 || sp->ImageDesc.Height <= 0 ||
+ sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) {
+ return GIF_ERROR;
+ }
diff -Nru giflib-5.1.4/debian/patches/series giflib-5.1.4/debian/patches/series
--- giflib-5.1.4/debian/patches/series 2018-02-11 14:12:41.000000000 +0000
+++ giflib-5.1.4/debian/patches/series 2019-08-19 18:34:32.000000000 +0000
@@ -1 +1,4 @@
 03-spelling_fixes.patch
+CVE-2016-3977.patch
+CVE-2018-11490.patch
+CVE-2019-15133.patch
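Review bot: In CVE-2019-15133.patch the corrected size test in DGifSlurp() still returns `GIF_ERROR` without recording a reason in the visible lines, so a caller that reports `GifFile->Error` after a failed slurp may see a stale or zero code when an image with a non-positive width or height is rejected. Setting the error field before the return, with whichever D_GIF_ERR_* constant the project uses for a bad image descriptor, would make such files diagnosable. The fix also depends on `||` short-circuit order, because the last operand divides by Height, so a comment such as `/* Width/Height <= 0 must be tested first: the final operand divides by Height */` would guard against a later reordering. DGifSlurp() starts and ends outside the hunk.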