diff -Nru libmediainfo-18.03.1/debian/changelog libmediainfo-18.03.1/debian/changelog
--- libmediainfo-18.03.1/debian/changelog	2018-08-08 10:00:47.000000000 +0000
+++ libmediainfo-18.03.1/debian/changelog	2019-05-08 14:47:51.000000000 +0000
@@ -1,3 +1,15 @@
+libmediainfo (18.03.1-1ubuntu0.1) cosmic-security; urgency=medium
+
+  * SECURITY UPDATE: Out-of-bounds read.
+    - debian/patches/CVE-2019-11372_CVE-2019-11373_1.patch: AVI: fix crash with
+      some invalid streams.
+    - debian/patches/CVE-2019-11372_CVE-2019-11373_2.patch: SMPTE ST 337: fix
+      crash with some invalid streams.
+    - CVE-2019-11372
+    - CVE-2019-11373
+
+ -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Wed, 08 May 2019 11:47:51 -0300
+
 libmediainfo (18.03.1-1build1) cosmic; urgency=medium
 
   * Rebuild against new libtinyxml2-6a.
diff -Nru libmediainfo-18.03.1/debian/control libmediainfo-18.03.1/debian/control
--- libmediainfo-18.03.1/debian/control	2018-04-16 15:00:18.000000000 +0000
+++ libmediainfo-18.03.1/debian/control	2019-05-08 14:47:51.000000000 +0000
@@ -1,6 +1,7 @@
 Source: libmediainfo
 Priority: optional
-Maintainer: Chow Loong Jin <hyperair@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Chow Loong Jin <hyperair@debian.org>
 Build-Depends: debhelper (>= 9),
                dpkg-dev (>= 1.16.1),
                python-all (>= 2.6.6-3~),
diff -Nru libmediainfo-18.03.1/debian/patches/CVE-2019-11372_CVE-2019-11373_1.patch libmediainfo-18.03.1/debian/patches/CVE-2019-11372_CVE-2019-11373_1.patch
--- libmediainfo-18.03.1/debian/patches/CVE-2019-11372_CVE-2019-11373_1.patch	1970-01-01 00:00:00.000000000 +0000
+++ libmediainfo-18.03.1/debian/patches/CVE-2019-11372_CVE-2019-11373_1.patch	2019-05-08 14:47:51.000000000 +0000
@@ -0,0 +1,33 @@
+From 716747fdde2c8dd6d0fca1223362ae5ce533ae38 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Martinez?= <jerome@mediaarea.net>
+Date: Thu, 11 Apr 2019 12:39:13 +0200
+Subject: [PATCH] x B1101, AVI: fix crash with some invalid streams
+
+---
+ Source/MediaInfo/Multiple/File_Riff.cpp          | 2 +-
+ Source/MediaInfo/Multiple/File_Riff_Elements.cpp | 3 ++-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+--- libmediainfo-18.03.1.orig/Source/MediaInfo/Multiple/File_Riff.cpp
++++ libmediainfo-18.03.1/Source/MediaInfo/Multiple/File_Riff.cpp
+@@ -925,7 +925,7 @@ void File_Riff::Header_Parse()
+     }
+ 
+     //Alignment
+-    if (Size_Complete%2 && !IsNotWordAligned)
++    if (Size_Complete%2 && !IsNotWordAligned && File_Offset+Buffer_Offset+Element_Offset+Size_Complete<File_Size)
+     {
+         Size_Complete++; //Always 2-byte aligned
+         Alignement_ExtraByte=1;
+--- libmediainfo-18.03.1.orig/Source/MediaInfo/Multiple/File_Riff_Elements.cpp
++++ libmediainfo-18.03.1/Source/MediaInfo/Multiple/File_Riff_Elements.cpp
+@@ -412,7 +412,8 @@ namespace Elements
+ void File_Riff::Data_Parse()
+ {
+     //Alignement specific
+-    Element_Size-=Alignement_ExtraByte;
++    if (Alignement_ExtraByte<=Element_Size)
++        Element_Size-=Alignement_ExtraByte;
+ 
+     DATA_BEGIN
+     LIST(AIFC)
diff -Nru libmediainfo-18.03.1/debian/patches/CVE-2019-11372_CVE-2019-11373_2.patch libmediainfo-18.03.1/debian/patches/CVE-2019-11372_CVE-2019-11373_2.patch
--- libmediainfo-18.03.1/debian/patches/CVE-2019-11372_CVE-2019-11373_2.patch	1970-01-01 00:00:00.000000000 +0000
+++ libmediainfo-18.03.1/debian/patches/CVE-2019-11372_CVE-2019-11373_2.patch	2019-05-08 14:47:51.000000000 +0000
@@ -0,0 +1,40 @@
+From 65a7c4b24025b8fba0ead719c21ac562206d4ebf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Martinez?= <jerome@mediaarea.net>
+Date: Thu, 11 Apr 2019 12:39:29 +0200
+Subject: [PATCH] x B1101, SMPTE ST 337: fix crash with some invalid streams
+
+---
+ Source/MediaInfo/Audio/File_SmpteSt0337.cpp | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- libmediainfo-18.03.1.orig/Source/MediaInfo/Audio/File_SmpteSt0337.cpp
++++ libmediainfo-18.03.1/Source/MediaInfo/Audio/File_SmpteSt0337.cpp
+@@ -1158,6 +1158,7 @@ void File_SmpteSt0337::Data_Parse()
+ 
+     // Parsing
+     int32u  length_code;
++    int8u data_type_New;
+     Element_Begin1("Header");
+         BS_Begin();
+         Skip_S3(Stream_Bits,                                    "Pa");
+@@ -1167,7 +1168,7 @@ void File_SmpteSt0337::Data_Parse()
+             Skip_S1( 5,                                         "data_type_dependent");
+             Skip_SB(                                            "error_flag");
+             Info_S1( 2, data_mode,                              "data_mode"); Param_Info2(16+4*data_mode, " bits");
+-            Get_S1 ( 5, data_type,                              "data_type"); Param_Info1(Smpte_St0337_data_type[data_type]);
++            Get_S1 ( 5, data_type_New,                          "data_type"); Param_Info1(Smpte_St0337_data_type[data_type]);
+             if (Stream_Bits>16)
+                 Skip_S1( 4,                                     "reserved");
+             if (Stream_Bits>20)
+@@ -1177,6 +1178,11 @@ void File_SmpteSt0337::Data_Parse()
+         BS_End();
+     Element_End0();
+ 
++    if (data_type_New!=data_type)
++    {
++        delete Parser; Parser=NULL;
++        data_type=data_type_New;
++    }
+     if (Parser==NULL)
+     {
+         switch(data_type)
diff -Nru libmediainfo-18.03.1/debian/patches/series libmediainfo-18.03.1/debian/patches/series
--- libmediainfo-18.03.1/debian/patches/series	2018-04-16 15:00:18.000000000 +0000
+++ libmediainfo-18.03.1/debian/patches/series	2019-05-08 14:47:51.000000000 +0000
@@ -1 +1,3 @@
 Call-PKG_PROG_PKG_CONFIG-manually.patch
+CVE-2019-11372_CVE-2019-11373_1.patch
+CVE-2019-11372_CVE-2019-11373_2.patch