diff -Nru libjpeg-turbo-2.0.3/debian/changelog libjpeg-turbo-2.0.3/debian/changelog
--- libjpeg-turbo-2.0.3/debian/changelog 2019-09-09 14:58:13.000000000 +0000
+++ libjpeg-turbo-2.0.3/debian/changelog 2020-06-04 16:10:10.000000000 +0000
@@ -1,3 +1,12 @@
+libjpeg-turbo (2.0.3-0ubuntu1.20.04.1) focal-security; urgency=medium
+
+ * SECURITY UPDATE: Heap-based buffer over-read
+ - debian/patches/CVE-2020-13790.patch: fix buf overrun caused
+ by bad binary PPM in rdppm.c.
+ - CVE-2020-13790
+
+ -- Leonidas S. Barbosa Thu, 04 Jun 2020 13:10:10 -0300
+
 libjpeg-turbo (2.0.3-0ubuntu1) eoan; urgency=medium
 
 * New upstream version
diff -Nru libjpeg-turbo-2.0.3/debian/patches/CVE-2020-13790.patch libjpeg-turbo-2.0.3/debian/patches/CVE-2020-13790.patch
--- libjpeg-turbo-2.0.3/debian/patches/CVE-2020-13790.patch 1970-01-01 00:00:00.000000000 +0000
+++ libjpeg-turbo-2.0.3/debian/patches/CVE-2020-13790.patch 2020-06-04 16:10:04.000000000 +0000
@@ -0,0 +1,71 @@
+From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+---
+ ChangeLog.md | 14 ++++++++++----
+ rdppm.c | 4 ++--
+ 2 files changed, 12 insertions(+), 6 deletions(-)
+
+Index: libjpeg-turbo-2.0.3/ChangeLog.md
+===================================================================
+--- libjpeg-turbo-2.0.3.orig/ChangeLog.md
++++ libjpeg-turbo-2.0.3/ChangeLog.md
+@@ -35,6 +35,12 @@ an error ("Invalid progressive parameter
+ progression sequence") if passed a TurboJPEG instance that was previously used
+ to decompress a progressive JPEG image.
+
++3. Fixed an issue in the PPM reader that caused a buffer overrun in cjpeg,
++TJBench, or the `tjLoadImage()` function if one of the values in a binary
++PPM/PGM input file exceeded the maximum value defined in the file's header and
++that maximum value was less than 255. libjpeg-turbo 1.5.0 already included a
++similar fix for binary PPM/PGM files with maximum values greater than 255.
++
+
+
+ 2.0.2
+ =====
+@@ -520,10 +526,10 @@ application was linked against.
+
+ 3. Fixed a couple of issues in the PPM reader that would cause buffer overruns
+ in cjpeg if one of the values in a binary PPM/PGM input file exceeded the
+-maximum value defined in the file's header. libjpeg-turbo 1.4.2 already
+-included a similar fix for ASCII PPM/PGM files. Note that these issues were
+-not security bugs, since they were confined to the cjpeg program and did not
+-affect any of the libjpeg-turbo libraries.
++maximum value defined in the file's header and that maximum value was greater
++than 255. libjpeg-turbo 1.4.2 already included a similar fix for ASCII PPM/PGM
++files. Note that these issues were not security bugs, since they were confined
++to the cjpeg program and did not affect any of the libjpeg-turbo libraries.
+
+ 4. Fixed an issue whereby attempting to decompress a JPEG file with a corrupt
+ header using the `tjDecompressToYUV2()` function would cause the function to
+Index: libjpeg-turbo-2.0.3/rdppm.c
+===================================================================
+--- libjpeg-turbo-2.0.3.orig/rdppm.c
++++ libjpeg-turbo-2.0.3/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cj
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {
diff -Nru libjpeg-turbo-2.0.3/debian/patches/series libjpeg-turbo-2.0.3/debian/patches/series
--- libjpeg-turbo-2.0.3/debian/patches/series 2019-09-09 14:49:51.000000000 +0000
+++ libjpeg-turbo-2.0.3/debian/patches/series 2020-06-04 16:10:04.000000000 +0000
@@ -1,2 +1,3 @@
 # FixLibraryStartup.patch
 #install-tjunittest.patch
+CVE-2020-13790.patch
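Review bot: In the rdppm.c hunk at `@@ -720,7 +720,7 @@` of the added CVE-2020-13790.patch, the rescale table is now sized for at least 256 entries, but the fill loop on the hunk's last line still stops at `val <= (long)maxval`, so for maxval < 255 the entries from maxval + 1 through 255 are never written. A binary PPM/PGM sample larger than the header's maxval then stays inside the allocation but is mapped through whatever the pool memory held (assuming `alloc_small` does not zero it), so the over-read becomes an uninitialized read whose value lands in the output image. Clearing the table right after the allocation would close that, for example `MEMZERO(source->rescale, (size_t)(((long)MAX(maxval, 255) + 1L) * sizeof(JSAMPLE)));`, as would rejecting out-of-range samples in the binary row readers. The loop body and the rest of start_input_ppm lie outside the hunk, so this should be confirmed against the full function.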