diff -Nru libsoup2.4-2.44.2/debian/changelog libsoup2.4-2.44.2/debian/changelog
--- libsoup2.4-2.44.2/debian/changelog 2017-08-09 07:07:28.000000000 +0000
+++ libsoup2.4-2.44.2/debian/changelog 2018-07-02 15:31:32.000000000 +0000
@@ -1,3 +1,11 @@
+libsoup2.4 (2.44.2-1ubuntu2.3) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: Fail to handle empty hostnames
+ - debian/patches/CVE-2018-12910.patch: fix in libsoup/soup-cookie-jar.c.
+ - CVE-2018-12910
+
+ -- Leonidas S. Barbosa Mon, 02 Jul 2018 12:29:22 -0300
+
 libsoup2.4 (2.44.2-1ubuntu2.2) trusty-security; urgency=medium

 * SECURITY UPDATE: chunked encoding stack buffer overflow
diff -Nru libsoup2.4-2.44.2/debian/control libsoup2.4-2.44.2/debian/control
--- libsoup2.4-2.44.2/debian/control 2017-08-09 07:10:53.000000000 +0000
+++ libsoup2.4-2.44.2/debian/control 2018-07-02 15:33:04.000000000 +0000
@@ -7,7 +7,7 @@
 Priority: optional
 Maintainer: Ubuntu Developers
 XSBC-Original-Maintainer: Debian GNOME Maintainers
-Uploaders: Andreas Henriksson , Debian GNOME Maintainers , Emilio Pozuelo Monfort , Michael Biebl
+Uploaders: Andreas Henriksson , Debian GNOME Maintainers , Emilio Pozuelo Monfort
 Build-Depends: debhelper (>= 9),
 cdbs (>= 0.4.93~),
 dh-autoreconf,
diff -Nru libsoup2.4-2.44.2/debian/patches/CVE-2018-12910.patch libsoup2.4-2.44.2/debian/patches/CVE-2018-12910.patch
--- libsoup2.4-2.44.2/debian/patches/CVE-2018-12910.patch 1970-01-01 00:00:00.000000000 +0000
+++ libsoup2.4-2.44.2/debian/patches/CVE-2018-12910.patch 2018-07-02 15:29:14.000000000 +0000
@@ -0,0 +1,22 @@
+From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Sun, 24 Jun 2018 19:46:19 -0500
+Subject: [PATCH] cookie-jar: bail if hostname is an empty string
+
+There are several other ways to fix the problem with this function, but
+skipping over all of the code is probably the simplest.
+
+Fixes #3
+diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
+index 93fd157..7c9cf78 100644
+--- a/libsoup/soup-cookie-jar.c
++++ b/libsoup/soup-cookie-jar.c
+@@ -306,7 +306,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
+
+ priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
+
+- if (!uri->host)
++ if (!uri->host || !uri->host[0])
+ return NULL;
+
+ /* The logic here is a little weird, but the plan is that if
diff -Nru libsoup2.4-2.44.2/debian/patches/series libsoup2.4-2.44.2/debian/patches/series
--- libsoup2.4-2.44.2/debian/patches/series 2017-08-09 07:06:44.000000000 +0000
+++ libsoup2.4-2.44.2/debian/patches/series 2018-07-02 15:29:14.000000000 +0000
@@ -2,3 +2,4 @@
 git_no_ssl_test_work.patch
 new_samba_compat.patch
 CVE-2017-2885.patch
+CVE-2018-12910.patch
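Review bot: The new guard `if (!uri->host || !uri->host[0])` in get_cookies (debian/patches/CVE-2018-12910.patch) has no comment saying why an empty host must be rejected, and the patch adds no regression test, so a later cleanup of the host handling could drop the second condition without anyone noticing. I would put `/* No host, or an empty one: no cookie can match, and the code below must not see "" (CVE-2018-12910). */` above the check, and add a test that asks the jar for cookies with a URI whose host is the empty string and expects no result. The commit message says there are other ways to fix the function, so it is also worth confirming that any other code in soup-cookie-jar.c that reads `uri->host` does not need the same check; none of it is visible in this hunk. get_cookies starts and ends outside the hunk, so the code the guard protects cannot be reviewed from here.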