diff -Nru gnulib-20140202+stable/debian/changelog gnulib-20140202+stable/debian/changelog
--- gnulib-20140202+stable/debian/changelog	2018-04-03 12:26:05.000000000 +0000
+++ gnulib-20140202+stable/debian/changelog	2018-10-16 17:48:52.000000000 +0000
@@ -1,8 +1,18 @@
-gnulib (20140202+stable-2build1) bionic; urgency=high
+gnulib (20140202+stable-2+deb8u1build0.18.04.1) bionic-security; urgency=medium
 
-  * No change rebuild to pick up -fPIE compiler default
+  * fake sync from Debian
 
- -- Balint Reczey <rbalint@ubuntu.com>  Tue, 03 Apr 2018 12:26:05 +0000
+ -- Mike Salvatore <mike.salvatore@canonical.com>  Tue, 16 Oct 2018 13:48:52 -0400
+
+gnulib (20140202+stable-2+deb8u1) jessie-security; urgency=medium
+
+  * Non-maintainer upload by the LTS team.
+  * Fix CVE-2018-17942:
+    Ben Pfaff disvovered that the convert_to_decimal function in the GNU
+    Portability Library contains a heap-based buffer overflow because memory is
+    not allocated for a trailing '\0' character during %f processing.
+
+ -- Markus Koschany <apo@debian.org>  Wed, 10 Oct 2018 21:44:14 +0200
 
 gnulib (20140202+stable-2) unstable; urgency=low
 
diff -Nru gnulib-20140202+stable/debian/control gnulib-20140202+stable/debian/control
--- gnulib-20140202+stable/debian/control	2018-04-03 12:26:05.000000000 +0000
+++ gnulib-20140202+stable/debian/control	2018-10-10 19:44:14.000000000 +0000
@@ -1,8 +1,7 @@
 Source: gnulib
 Section: devel
 Priority: optional
-Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
-XSBC-Original-Maintainer: Ian Beckwith <ianb@debian.org>
+Maintainer: Ian Beckwith <ianb@debian.org>
 Build-Depends: dpkg-dev (>= 1.16.2), debhelper (>= 9), autoconf, automake, perl
 Build-Depends-Indep: texinfo
 Standards-Version: 3.9.5
diff -Nru gnulib-20140202+stable/debian/patches/CVE-2018-17942.patch gnulib-20140202+stable/debian/patches/CVE-2018-17942.patch
--- gnulib-20140202+stable/debian/patches/CVE-2018-17942.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnulib-20140202+stable/debian/patches/CVE-2018-17942.patch	2018-10-10 19:44:14.000000000 +0000
@@ -0,0 +1,58 @@
+From: Markus Koschany <apo@debian.org>
+Date: Wed, 10 Oct 2018 18:59:52 +0200
+Subject: CVE-2018-17942
+
+Bug-Debian: https://bugs.debian.org/910757
+Origin: https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35
+---
+ lib/vasnprintf.c        |  4 +++-
+ tests/test-vasnprintf.c | 21 ++++++++++++++++++++-
+ 2 files changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
+index f2ccc1c..1c0719e 100644
+--- a/lib/vasnprintf.c
++++ b/lib/vasnprintf.c
+@@ -849,7 +849,9 @@ convert_to_decimal (mpn_t a, size_t extra_zeroes)
+   size_t a_len = a.nlimbs;
+   /* 0.03345 is slightly larger than log(2)/(9*log(10)).  */
+   size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
+-  char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
++  /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
++     digits of a, followed by 1 byte for the terminating NUL.  */
++  char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
+   if (c_ptr != NULL)
+     {
+       char *d_ptr = c_ptr;
+diff --git a/tests/test-vasnprintf.c b/tests/test-vasnprintf.c
+index 2cbad5d..d0136ac 100644
+--- a/tests/test-vasnprintf.c
++++ b/tests/test-vasnprintf.c
+@@ -53,7 +53,26 @@ test_function (char * (*my_asnprintf) (char *, size_t *, const char *, ...))
+       ASSERT (result != NULL);
+       ASSERT (strcmp (result, "12345") == 0);
+       ASSERT (length == 5);
+-      if (size < 6)
++      if (size < 5 + 1)
++        ASSERT (result != buf);
++      ASSERT (memcmp (buf + size, &"DEADBEEF"[size], 8 - size) == 0);
++      if (result != buf)
++        free (result);
++    }
++
++  /* Note: This test assumes IEEE 754 representation of 'double' floats.  */
++  for (size = 0; size <= 8; size++)
++    {
++      size_t length;
++      char *result;
++
++      memcpy (buf, "DEADBEEF", 8);
++      length = size;
++      result = my_asnprintf (buf, &length, "%2.0f", 1.6314159265358979e+125);
++      ASSERT (result != NULL);
++      ASSERT (strcmp (result, "163141592653589790215729350939528493057529598899734151772468186268423257777068536614838678161083520756952076273094236944990208") == 0);
++      ASSERT (length == 126);
++      if (size < 126 + 1)
+         ASSERT (result != buf);
+       ASSERT (memcmp (buf + size, &"DEADBEEF"[size], 8 - size) == 0);
+       if (result != buf)
diff -Nru gnulib-20140202+stable/debian/patches/series gnulib-20140202+stable/debian/patches/series
--- gnulib-20140202+stable/debian/patches/series	2014-03-03 13:18:15.000000000 +0000
+++ gnulib-20140202+stable/debian/patches/series	2018-10-10 19:44:14.000000000 +0000
@@ -1,2 +1,3 @@
 01-gnulib-directory.patch
 02-shebang.patch
+CVE-2018-17942.patch