diff -Nru libusbmuxd-1.0.10/debian/changelog libusbmuxd-1.0.10/debian/changelog
--- libusbmuxd-1.0.10/debian/changelog 2016-01-04 09:37:16.000000000 +0000
+++ libusbmuxd-1.0.10/debian/changelog 2016-06-02 13:58:13.000000000 +0000
@@ -1,3 +1,12 @@
+libusbmuxd (1.0.10-2ubuntu0.1) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: incorrectly bound listening socket
+ - debian/patches/CVE-2016-5104.patch: use INADDR_LOOPBACK in
+ common/socket.c.
+ - CVE-2016-5104
+
+ -- Marc Deslauriers Thu, 02 Jun 2016 09:58:13 -0400
+
 libusbmuxd (1.0.10-2) unstable; urgency=medium
 
 * Reupload to unstable
diff -Nru libusbmuxd-1.0.10/debian/control libusbmuxd-1.0.10/debian/control
--- libusbmuxd-1.0.10/debian/control 2016-01-04 09:37:16.000000000 +0000
+++ libusbmuxd-1.0.10/debian/control 2016-06-02 13:58:29.000000000 +0000
@@ -1,6 +1,7 @@
 Source: libusbmuxd
 Priority: optional
-Maintainer: gtkpod Maintainers
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: gtkpod Maintainers
 Uploaders: Chow Loong Jin
 Build-Depends: debhelper (>= 9.0.0),
 dh-autoreconf,
diff -Nru libusbmuxd-1.0.10/debian/patches/CVE-2016-5104.patch libusbmuxd-1.0.10/debian/patches/CVE-2016-5104.patch
--- libusbmuxd-1.0.10/debian/patches/CVE-2016-5104.patch 1970-01-01 00:00:00.000000000 +0000
+++ libusbmuxd-1.0.10/debian/patches/CVE-2016-5104.patch 2016-06-02 13:58:09.000000000 +0000
@@ -0,0 +1,31 @@
+From 4397b3376dc4e4cb1c991d0aed61ce6482614196 Mon Sep 17 00:00:00 2001
+From: Joshua Hill
+Date: Tue, 29 Dec 2015 23:09:37 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index 27b93ba..4cdefd6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -203,7 +203,7 @@ int socket_create(uint16_t port)
+
+ memset((void *) &saddr, 0, sizeof(saddr));
+ saddr.sin_family = AF_INET;
+- saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ saddr.sin_port = htons(port);
+
+ if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -368,7 +368,7 @@ int socket_accept(int fd, uint16_t port)
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+- addr.sin_addr.s_addr = htonl(INADDR_ANY);
++ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ addr.sin_port = htons(port);
+
+ addr_len = sizeof(addr);
diff -Nru libusbmuxd-1.0.10/debian/patches/series libusbmuxd-1.0.10/debian/patches/series
--- libusbmuxd-1.0.10/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ libusbmuxd-1.0.10/debian/patches/series 2016-06-02 13:58:09.000000000 +0000
@@ -0,0 +1 @@
+CVE-2016-5104.patch
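Review bot: In the socket_accept hunk of the embedded CVE-2016-5104.patch, the `addr` now filled with `htonl(INADDR_LOOPBACK)` looks like the peer-address buffer for accept() (the call is outside the hunk, so this is inferred from `addr_len = sizeof(addr)`); accept() overwrites that buffer, so this line restricts nothing and the only effective control is the bind() address in socket_create. I would say so in the code, e.g. above the bind address `/* loopback only: this listener must never be reachable off-host (CVE-2016-5104) */` and in socket_accept `/* addr is an output of accept(); not an access check */`. The listener is also IPv4-only (`AF_INET`), which is worth noting in the same comment so that an IPv6 listener added later is bound to the loopback address too. Both function bodies start and end outside the hunks shown.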