diff -Nru libgd2-2.3.0/debian/changelog libgd2-2.3.0/debian/changelog
--- libgd2-2.3.0/debian/changelog 2020-05-06 14:11:29.000000000 +0000
+++ libgd2-2.3.0/debian/changelog 2021-09-09 12:29:48.000000000 +0000
@@ -1,3 +1,16 @@
+libgd2 (2.3.0-2ubuntu1) impish; urgency=medium
+
+ * SECURITY UPDATE: Out-of-bounds read
+ - debian/patches/CVE-2021-38115.patch: fix a read out-of-bounds in
+ reading tga header file in src/gd_tga.c.
+ - CVE-2021-38115
+ * SECURITY UPDATE: Double free
+ - debian/patches/CVE-2021-40145-*.patch: fix a memory leak in
+ src/gd_gd2.c.
+ - CVE-2021-40145
+
+ -- Leonidas Da Silva Barbosa Thu, 09 Sep 2021 09:29:48 -0300
+
 libgd2 (2.3.0-2) unstable; urgency=medium
 
 * Add patch to fix gdImageStringFT() fails for empty strings
diff -Nru libgd2-2.3.0/debian/control libgd2-2.3.0/debian/control
--- libgd2-2.3.0/debian/control 2020-05-06 14:11:29.000000000 +0000
+++ libgd2-2.3.0/debian/control 2021-09-09 12:29:48.000000000 +0000
@@ -1,7 +1,8 @@
 Source: libgd2
 Section: graphics
 Priority: optional
-Maintainer: GD Team
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: GD Team
 Uploaders: Ondřej Surý
 Build-Depends: autotools-dev,
 debhelper (>= 9.20150101~),
diff -Nru libgd2-2.3.0/debian/patches/CVE-2021-38115.patch libgd2-2.3.0/debian/patches/CVE-2021-38115.patch
--- libgd2-2.3.0/debian/patches/CVE-2021-38115.patch 1970-01-01 00:00:00.000000000 +0000
+++ libgd2-2.3.0/debian/patches/CVE-2021-38115.patch 2021-09-09 12:29:48.000000000 +0000
@@ -0,0 +1,26 @@
+From 8b111b2b4a4842179be66db68d84dda91a246032 Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh
+Date: Mon, 19 Jul 2021 10:07:13 +0430
+Subject: [PATCH] fix read out-of-bands in reading tga header file
+
+---
+ src/gd_tga.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/gd_tga.c b/src/gd_tga.c
+index cae9428da..286febb28 100644
+--- a/src/gd_tga.c
++++ b/src/gd_tga.c
+@@ -191,7 +191,11 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
+ return -1;
+ }
+
+- gdGetBuf(tga->ident, tga->identsize, ctx);
++
++ if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {
++ gd_error("fail to read header ident");
++ return -1;
++ }
+ }
+
+ return 1;
diff -Nru libgd2-2.3.0/debian/patches/CVE-2021-40145-1.patch libgd2-2.3.0/debian/patches/CVE-2021-40145-1.patch
--- libgd2-2.3.0/debian/patches/CVE-2021-40145-1.patch 1970-01-01 00:00:00.000000000 +0000
+++ libgd2-2.3.0/debian/patches/CVE-2021-40145-1.patch 2021-09-09 12:29:48.000000000 +0000
@@ -0,0 +1,77 @@
+From e95059590fadaabd9aadc0c0489804d75a3c5d52 Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh
+Date: Mon, 19 Jul 2021 18:52:50 +0430
+Subject: [PATCH 1/3] gdImageGd2Ptr memory leak
+
+---
+ src/gd_gd2.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 760e85b9f..84ec53375 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -1,4 +1,4 @@
+-/*
++
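Review bot: The new early `return -1` in read_header_tga (src/gd_tga.c, CVE-2021-38115.patch) exits with `tga->ident` still allocated, and the hunk does not show who releases it. The allocation and the caller sit outside the hunk, so this presumably relies on the caller's cleanup after a negative return; that should be confirmed and recorded next to the check, e.g. `/* short read: tga->ident stays owned by tga and is freed by the caller's error path */`. The message would also read better as `gd_error("failed to read TGA header ident");`.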
/*
+ * gd_gd2.c
+ *
+ * Implements the I/O and support for the GD2 format.
+@@ -910,9 +910,11 @@ _gd2PutHeader (gdImagePtr im, gdIOCtx * out, int cs, int fmt, int cx, int cy)
+
+ }
+
+-static void
++/* returns 0 on success, 1 on failure */
++static int
+ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
+ {
++ int ret = 0;
+ int ncx, ncy, cx, cy;
+ int x, y, ylo, yhi, xlo, xhi;
+ int chunkLen;
+@@ -974,10 +976,12 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
+ /* */
+ chunkData = gdCalloc (cs * bytesPerPixel * cs, 1);
+ if (!chunkData) {
++ ret = 1;
+ goto fail;
+ }
+ compData = gdCalloc (compMax, 1);
+ if (!compData) {
++ ret = 1;
+ goto fail;
+ }
+
+@@ -992,6 +996,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
+
+ chunkIdx = gdCalloc (idxSize * sizeof (t_chunk_info), 1);
+ if (!chunkIdx) {
++ ret = 1;
+ goto fail;
+ }
+ };
+@@ -1107,6 +1112,8 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
+ }
+ GD2_DBG (printf ("Done\n"));
+
++ return ret;
++
+ }
+
+ /*
+@@ -1128,8 +1135,11 @@ BGD_DECLARE(void *) gdImageGd2Ptr (gdImagePtr im, int cs, int fmt, int *size)
+ void *rv;
+ gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
+ if (out == NULL) return NULL;
+- _gdImageGd2 (im, out, cs, fmt);
+- rv = gdDPExtractData (out, size);
++ if (_gdImageGd2(im, out, cs, fmt)) {
++ rv = NULL;
++ } else {
++ rv = gdDPExtractData(out, size);
++ }
+ out->gd_free (out);
+ return rv;
+ }
+
diff -Nru libgd2-2.3.0/debian/patches/CVE-2021-40145-2.patch libgd2-2.3.0/debian/patches/CVE-2021-40145-2.patch
--- libgd2-2.3.0/debian/patches/CVE-2021-40145-2.patch 1970-01-01 00:00:00.000000000 +0000
+++ libgd2-2.3.0/debian/patches/CVE-2021-40145-2.patch 2021-09-09 12:29:48.000000000 +0000
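Review bot: In gdImageGd2Ptr (last nested hunk of CVE-2021-40145-1.patch), the failure branch sets `rv = NULL` but never writes `*size`, so a caller that reads the size before checking the pointer sees an indeterminate value. Before this change gdDPExtractData received `size` on every path. Setting it in the failure branch as well, `rv = NULL; *size = 0;`, keeps the out-parameter defined. Separately, `ret` is set only on the three allocation failures shown; the body of _gdImageGd2 extends beyond these hunks, so any other failure path there, and any other caller that still ignores the new return value, should be checked.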
@@ -0,0 +1,28 @@
+From e8eeb8dde5bc4c9d4e7ae1ab43d9fd1780ceb792 Mon Sep 17 00:00:00 2001
+From: Maryam Ebrahimzadeh <61263086+me22bee@users.noreply.github.com>
+Date: Tue, 24 Aug 2021 11:46:07 +0430
+Subject: [PATCH 2/3] trigger the github actions
+
+---
+ src/gd_gd2.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 84ec53375..097c93d0d 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -1135,11 +1135,13 @@ BGD_DECLARE(void *) gdImageGd2Ptr (gdImagePtr im, int cs, int fmt, int *size)
+ void *rv;
+ gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
+ if (out == NULL) return NULL;
++
+ if (_gdImageGd2(im, out, cs, fmt)) {
+ rv = NULL;
+ } else {
+ rv = gdDPExtractData(out, size);
+ }
++
+ out->gd_free (out);
+ return rv;
+ }
+
diff -Nru libgd2-2.3.0/debian/patches/CVE-2021-40145-3.patch libgd2-2.3.0/debian/patches/CVE-2021-40145-3.patch
--- libgd2-2.3.0/debian/patches/CVE-2021-40145-3.patch 1970-01-01 00:00:00.000000000 +0000
+++ libgd2-2.3.0/debian/patches/CVE-2021-40145-3.patch 2021-09-09 12:29:48.000000000 +0000
@@ -0,0 +1,19 @@
+From a1d4caace613d31209b42d22d9f7ebe37c381f9a Mon Sep 17 00:00:00 2001
+From: Maryam Ebrahimzadeh <61263086+me22bee@users.noreply.github.com>
+Date: Tue, 24 Aug 2021 12:02:23 +0430
+Subject: [PATCH 3/3] remove non-printable bytes
+
+---
+ src/gd_gd2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 097c93d0d..5c57d44a6 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -1,4 +1,4 @@
+-
/*
++/*
+ * gd_gd2.c
+ *
+ * Implements the I/O and support for the GD2 format.
diff -Nru libgd2-2.3.0/debian/patches/series libgd2-2.3.0/debian/patches/series
--- libgd2-2.3.0/debian/patches/series 2020-05-06 14:11:29.000000000 +0000
+++ libgd2-2.3.0/debian/patches/series 2021-09-09 12:29:48.000000000 +0000
@@ -3,3 +3,7 @@
 0003-tests-make-a-little-change-for-autopkgtest.patch
 0004-Add-missing-getlib.sh-script.patch
 0005-Fix-615-gdImageStringFT-fails-for-empty-strings-as-o.patch
+CVE-2021-38115.patch
+CVE-2021-40145-1.patch
+CVE-2021-40145-2.patch
+CVE-2021-40145-3.patch