diff -Nru nginx-1.10.3/debian/changelog nginx-1.10.3/debian/changelog
--- nginx-1.10.3/debian/changelog 2019-08-14 18:48:49.000000000 +0000
+++ nginx-1.10.3/debian/changelog 2020-01-10 19:19:02.000000000 +0000
@@ -1,3 +1,13 @@
+nginx (1.10.3-0ubuntu0.16.04.5) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: request smuggling via error_page
+ - debian/patches/CVE-2019-20372.patch: discard request body when
+ redirecting to a URL via error_page in
+ src/http/ngx_http_special_response.c.
+ - CVE-2019-20372
+
+ -- Marc Deslauriers Fri, 10 Jan 2020 14:19:02 -0500
+
 nginx (1.10.3-0ubuntu0.16.04.4) xenial-security; urgency=medium
 * SECURITY UPDATE: HTTP/2 Data Dribble issue
diff -Nru nginx-1.10.3/debian/patches/CVE-2019-20372.patch nginx-1.10.3/debian/patches/CVE-2019-20372.patch
--- nginx-1.10.3/debian/patches/CVE-2019-20372.patch 1970-01-01 00:00:00.000000000 +0000
+++ nginx-1.10.3/debian/patches/CVE-2019-20372.patch 2020-01-10 19:18:59.000000000 +0000
@@ -0,0 +1,26 @@
+From c1be55f97211d38b69ac0c2027e6812ab8b1b94e Mon Sep 17 00:00:00 2001
+From: Ruslan Ermilov
+Date: Mon, 23 Dec 2019 15:45:46 +0300
+Subject: [PATCH] Discard request body when redirecting to a URL via
+ error_page.
+
+Reported by Bert JW Regeer and Francisco Oca Gonzalez.
+---
+ src/http/ngx_http_special_response.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/src/http/ngx_http_special_response.c
++++ b/src/http/ngx_http_special_response.c
+@@ -584,6 +584,12 @@ ngx_http_send_error_page(ngx_http_reques
+ return ngx_http_named_location(r, &uri);
+ }
+
++ r->expect_tested = 1;
++
++ if (ngx_http_discard_request_body(r) != NGX_OK) {
++ r->keepalive = 0;
++ }
++
+ location = ngx_list_push(&r->headers_out.headers);
+
+ if (location == NULL) {
diff -Nru nginx-1.10.3/debian/patches/series nginx-1.10.3/debian/patches/series
--- nginx-1.10.3/debian/patches/series 2019-08-14 18:48:40.000000000 +0000
+++ nginx-1.10.3/debian/patches/series 2020-01-10 19:18:55.000000000 +0000
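Review bot: The new `r->expect_tested = 1;` line in the quoted ngx_http_special_response.c hunk has no comment, and neither the upstream message nor the changelog says why it must precede the discard call, so a future backporter cannot tell whether it is safe to drop or reorder. Presumably it keeps the discard path from emitting an interim 100 Continue for a request that sent `Expect: 100-continue` before the redirect response goes out — confirm against ngx_http_test_expect, which is outside this hunk — so I would put `/* suppress "100 Continue": the body is discarded, not read */` above it. The `r->keepalive = 0;` branch deserves a one-line why as well, since a body nginx could not discard must not remain on a reused connection where it would be parsed as the next request, which is the smuggling vector this patch closes: `/* body left unread: do not reuse this connection */`. The enclosing function ngx_http_send_error_page starts and ends outside the hunk, and the `@@ -584` offset is from upstream, so check the quilt apply against 1.10.3 for fuzz.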
@@ -8,3 +8,4 @@
 CVE-2019-9511.patch
 CVE-2019-9513.patch
 CVE-2019-9516.patch
+CVE-2019-20372.patch