diff -Nru munin-2.0.25/debian/changelog munin-2.0.25/debian/changelog
--- munin-2.0.25/debian/changelog	2015-08-30 08:07:44.000000000 +0000
+++ munin-2.0.25/debian/changelog	2020-07-21 14:00:13.000000000 +0000
@@ -1,3 +1,29 @@
+munin (2.0.25-2ubuntu0.16.04.4) xenial; urgency=medium
+
+  * Add patch to avoid reporting speed below 0 for network devices
+    (LP: #1673357).
+
+ -- Lucas Kanashiro <kanashiro@ubuntu.com>  Mon, 20 Jul 2020 10:04:10 -0300
+
+munin (2.0.25-2ubuntu0.16.04.3) xenial-security; urgency=medium
+
+  * SECURITY REGRESSION: log spamming issue (LP: #1669764)
+    - debian/patches/CVE-2017-6188-3.patch: use looks_like_number in
+      master/_bin/munin-cgi-graph.in.
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 03 Mar 2017 07:19:15 -0500
+
+munin (2.0.25-2ubuntu0.16.04.2) xenial-security; urgency=medium
+
+  * SECURITY UPDATE: local file write vulnerability
+    - debian/patches/CVE-2017-6188.patch: avoid expansion in list context
+      in master/_bin/munin-cgi-graph.in.
+    - debian/patches/CVE-2017-6188-2.patch: handle empty strings in
+      master/_bin/munin-cgi-graph.in.
+    - CVE-2017-6188
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 02 Mar 2017 07:15:21 -0500
+
 munin (2.0.25-2) unstable; urgency=medium
 
   [ Holger Levsen ]
diff -Nru munin-2.0.25/debian/control munin-2.0.25/debian/control
--- munin-2.0.25/debian/control	2015-08-30 08:07:44.000000000 +0000
+++ munin-2.0.25/debian/control	2020-07-20 12:55:35.000000000 +0000
@@ -1,7 +1,8 @@
 Source: munin
 Section: net
 Priority: optional
-Maintainer: Munin Debian Maintainers <packaging@munin-monitoring.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Munin Debian Maintainers <packaging@munin-monitoring.org>
 Uploaders: Holger Levsen <holger@debian.org>, 
  Stig Sandbeck Mathisen <ssm@debian.org>
 Build-Depends-Indep:
diff -Nru munin-2.0.25/debian/patches/0005-Do-not-report-speed-below-0-for-network-devices.patch munin-2.0.25/debian/patches/0005-Do-not-report-speed-below-0-for-network-devices.patch
--- munin-2.0.25/debian/patches/0005-Do-not-report-speed-below-0-for-network-devices.patch	1970-01-01 00:00:00.000000000 +0000
+++ munin-2.0.25/debian/patches/0005-Do-not-report-speed-below-0-for-network-devices.patch	2020-07-20 14:36:27.000000000 +0000
@@ -0,0 +1,25 @@
+From: Lucas Kanashiro <lucas.kanashiro@canonical.com>
+Date: Mon, 20 Jul 2020 09:58:22 -0300
+Subject: Do not report speed below 0 for network devices
+
+Origin: upstream, https://github.com/munin-monitoring/munin/commit/78c3c3aa
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1673357
+Reviewed-by: Lucas Kanashiro <kanashiro@ubuntu.com>
+Last-Updated: 2020-07-20
+---
+ plugins/node.d.linux/if_.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/node.d.linux/if_.in b/plugins/node.d.linux/if_.in
+index 7718979..34b57ef 100644
+--- a/plugins/node.d.linux/if_.in
++++ b/plugins/node.d.linux/if_.in
+@@ -91,7 +91,7 @@ findspeed_mbps() {
+     # iwlist first)
+     if [[ -r /sys/class/net/$INTERFACE/speed ]]; then
+             SPEED=$(cat /sys/class/net/$INTERFACE/speed 2>/dev/null)
+-            if [[ -n "$SPEED" ]]; then
++            if [[ "$SPEED" -gt 0 ]]; then
+                 echo $SPEED
+                 return
+             fi
diff -Nru munin-2.0.25/debian/patches/CVE-2017-6188-2.patch munin-2.0.25/debian/patches/CVE-2017-6188-2.patch
--- munin-2.0.25/debian/patches/CVE-2017-6188-2.patch	1970-01-01 00:00:00.000000000 +0000
+++ munin-2.0.25/debian/patches/CVE-2017-6188-2.patch	2020-07-20 14:36:19.000000000 +0000
@@ -0,0 +1,45 @@
+From 549bd25d6a45e153159ef8535fc070a71093a3c9 Mon Sep 17 00:00:00 2001
+From: Steve Schnepp <steve.schnepp@pwkf.org>
+Date: Wed, 1 Mar 2017 20:16:04 +0100
+Subject: [PATCH] cgi: handle the empty string in CGI arguments
+
+The previous fix is a little too restrictive. And it just adds the parameters
+if it is defined. Which should not be the case if it is an empty string.
+
+Note that a simple "if" test has the nasty side-effect of being false if the
+value is "0".
+
+A more complete test should be done then.
+
+It might be better to fix the dynazoom call itself, but as we already touched
+that area, and failed, let's try to contain this and avoid having the change
+spreading epidemically :)
+---
+ master/_bin/munin-cgi-graph.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+Index: munin-2.0.25/master/_bin/munin-cgi-graph.in
+===================================================================
+--- munin-2.0.25.orig/master/_bin/munin-cgi-graph.in	2017-03-02 07:13:48.549614469 -0500
++++ munin-2.0.25/master/_bin/munin-cgi-graph.in	2017-03-02 07:13:48.545614431 -0500
+@@ -450,16 +450,16 @@
+ 
+     # using a temporary variable to avoid expansion in list context and fix CVE-2017-6188
+     my $size_x = CGI::param("size_x");
+-    push @params, "--size_x", $size_x if defined $size_x;
++    push @params, "--size_x", $size_x if $size_x || ($size_x eq "0");
+ 
+     my $size_y = CGI::param("size_y");
+-    push @params, "--size_y", $size_y if defined $size_y;
++    push @params, "--size_y", $size_y if $size_y || ($size_y eq "0");
+ 
+     my $upper_limit = CGI::param("upper_limit");
+-    push @params, "--upper_limit", $upper_limit if defined $upper_limit;
++    push @params, "--upper_limit", $upper_limit if $upper_limit || ($upper_limit eq "0");
+ 
+     my $lower_limit = CGI::param("lower_limit");
+-    push @params, "--lower_limit", $lower_limit if defined $lower_limit;
++    push @params, "--lower_limit", $lower_limit if $lower_limit || ($lower_limit eq "0");
+ 
+ 
+     # Sometimes we want to set the IMG size, and not the canvas.
diff -Nru munin-2.0.25/debian/patches/CVE-2017-6188-3.patch munin-2.0.25/debian/patches/CVE-2017-6188-3.patch
--- munin-2.0.25/debian/patches/CVE-2017-6188-3.patch	1970-01-01 00:00:00.000000000 +0000
+++ munin-2.0.25/debian/patches/CVE-2017-6188-3.patch	2020-07-20 14:36:19.000000000 +0000
@@ -0,0 +1,45 @@
+From 6373554b1cc8bee886947cee598e86d1d9ea1e4a Mon Sep 17 00:00:00 2001
+From: Steve Schnepp <steve.schnepp@pwkf.org>
+Date: Fri, 3 Mar 2017 00:55:40 +0100
+Subject: [PATCH] cgi: use Scalar::Util::looks_like_number
+
+As Jonas Meurer <jonas@freesources.org> said in a comment, it is much
+better to use Scalar::Util::looks_like_number() instead of coming up
+with a semi-clever algo.
+
+Closes: #804
+---
+ master/_bin/munin-cgi-graph.in | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+Index: munin-2.0.25/master/_bin/munin-cgi-graph.in
+===================================================================
+--- munin-2.0.25.orig/master/_bin/munin-cgi-graph.in	2017-03-03 07:14:02.542742612 -0500
++++ munin-2.0.25/master/_bin/munin-cgi-graph.in	2017-03-03 07:14:02.538742570 -0500
+@@ -447,19 +447,22 @@
+ 		   '--output-file', $filename );
+ 
+     # Sets the correct size on a by_graph basis
++    { use Scalar::Util qw(looks_like_number);
+ 
+     # using a temporary variable to avoid expansion in list context and fix CVE-2017-6188
+     my $size_x = CGI::param("size_x");
+-    push @params, "--size_x", $size_x if $size_x || ($size_x eq "0");
++    push @params, "--size_x", $size_x if looks_like_number($size_x);
+ 
+     my $size_y = CGI::param("size_y");
+-    push @params, "--size_y", $size_y if $size_y || ($size_y eq "0");
++    push @params, "--size_y", $size_y if looks_like_number($size_y);
+ 
+     my $upper_limit = CGI::param("upper_limit");
+-    push @params, "--upper_limit", $upper_limit if $upper_limit || ($upper_limit eq "0");
++    push @params, "--upper_limit", $upper_limit if looks_like_number($upper_limit);
+ 
+     my $lower_limit = CGI::param("lower_limit");
+-    push @params, "--lower_limit", $lower_limit if $lower_limit || ($lower_limit eq "0");
++    push @params, "--lower_limit", $lower_limit if looks_like_number($lower_limit);
++
++    }
+ 
+ 
+     # Sometimes we want to set the IMG size, and not the canvas.
diff -Nru munin-2.0.25/debian/patches/CVE-2017-6188.patch munin-2.0.25/debian/patches/CVE-2017-6188.patch
--- munin-2.0.25/debian/patches/CVE-2017-6188.patch	1970-01-01 00:00:00.000000000 +0000
+++ munin-2.0.25/debian/patches/CVE-2017-6188.patch	2020-07-20 14:36:19.000000000 +0000
@@ -0,0 +1,70 @@
+From 42ce18f24d3eae8be33526a198bf21e4f2330230 Mon Sep 17 00:00:00 2001
+From: Steve Schnepp <steve.schnepp@pwkf.org>
+Date: Sat, 25 Feb 2017 11:20:52 +0100
+Subject: [PATCH] Fix wrong parameter expansion in CGI
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As Tomaž Šolc <tomaz.solc@tablix.org> said :
+
+	Munin package in Jessie has a local file write vulnerability when CGI graphs are
+	enabled. Setting multiple "upper_limit" GET parameters allows overwriting any
+	file accessible to the www-data user.
+
+And sstj <stevie.trujillo@gmail.com> said :
+
+	Running munin-2.0.25 on Gentoo. I observed this message in the logs
+
+	2016/07/26 21:57:54 [PERL WARNING] CGI::param called in list context
+	from /usr/libexec/munin/cgi/munin-cgi-graph line 450, this can lead to
+	vulnerabilities. See the warning in "Fetching the value or values of a
+	single named parameter" at /usr/lib64/perl5/vendor_perl/5.20.2/CGI.pm
+	line 404.
+
+	This allows injecting options into munin-cgi-graph (similar to
+	http://munin-monitoring.org/ticket/1238 ), by doing something like
+	this:
+
+	&upper_limit=500&upper_limit=--output-file&upper_limit=/tmp/test.txt
+
+	which wrote the graph to /tmp/test.txt
+
+Closes: #721, D:855705, CVE-2017-6188
+---
+ master/_bin/munin-cgi-graph.in | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+Index: munin-2.0.25/master/_bin/munin-cgi-graph.in
+===================================================================
+--- munin-2.0.25.orig/master/_bin/munin-cgi-graph.in	2017-03-01 10:33:18.646609313 -0500
++++ munin-2.0.25/master/_bin/munin-cgi-graph.in	2017-03-01 10:33:18.642609266 -0500
+@@ -447,14 +447,20 @@
+ 		   '--output-file', $filename );
+ 
+     # Sets the correct size on a by_graph basis
+-    push @params, "--size_x", CGI::param("size_x")
+-      if (defined(CGI::param("size_x")));
+-    push @params, "--size_y", CGI::param("size_y")
+-      if (defined(CGI::param("size_y")));
+-    push @params, "--upper_limit", CGI::param("upper_limit")
+-      if (CGI::param("upper_limit"));
+-    push @params, "--lower_limit", CGI::param("lower_limit")
+-      if (CGI::param("lower_limit"));
++
++    # using a temporary variable to avoid expansion in list context and fix CVE-2017-6188
++    my $size_x = CGI::param("size_x");
++    push @params, "--size_x", $size_x if defined $size_x;
++
++    my $size_y = CGI::param("size_y");
++    push @params, "--size_y", $size_y if defined $size_y;
++
++    my $upper_limit = CGI::param("upper_limit");
++    push @params, "--upper_limit", $upper_limit if defined $upper_limit;
++
++    my $lower_limit = CGI::param("lower_limit");
++    push @params, "--lower_limit", $lower_limit if defined $lower_limit;
++
+ 
+     # Sometimes we want to set the IMG size, and not the canvas.
+     push @params, "--full_size_mode"
diff -Nru munin-2.0.25/debian/patches/series munin-2.0.25/debian/patches/series
--- munin-2.0.25/debian/patches/series	2015-08-30 08:07:44.000000000 +0000
+++ munin-2.0.25/debian/patches/series	2020-07-20 14:36:27.000000000 +0000
@@ -1 +1,5 @@
 0001-http_loadtime-plugin-Fix-several-bugs.patch
+CVE-2017-6188.patch
+CVE-2017-6188-2.patch
+CVE-2017-6188-3.patch
+0005-Do-not-report-speed-below-0-for-network-devices.patch