diff -Nru python-pip-9.0.1/debian/changelog python-pip-9.0.1/debian/changelog
--- python-pip-9.0.1/debian/changelog 2023-02-28 09:48:00.000000000 +0000
+++ python-pip-9.0.1/debian/changelog 2023-03-02 14:03:51.000000000 +0000
@@ -1,3 +1,11 @@
+python-pip (9.0.1-2.3~ubuntu1.18.04.8) bionic-security; urgency=medium
+
+ * SECURITY REGRESSION: fix regex in wheel.py
+ - debian/patches/CVE-2022-40898.patch: Fix wheel regex to match
+ upstream pip regex instead of upstream wheel regex.
+
+ -- David Fernandez Gonzalez Thu, 02 Mar 2023 15:03:51 +0100
+
 python-pip (9.0.1-2.3~ubuntu1.18.04.7) bionic-security; urgency=medium
 
 * SECURITY UPDATE: ReDOS in wheel.py
diff -Nru python-pip-9.0.1/debian/patches/CVE-2022-40898.patch python-pip-9.0.1/debian/patches/CVE-2022-40898.patch
--- python-pip-9.0.1/debian/patches/CVE-2022-40898.patch 2023-02-28 09:47:56.000000000 +0000
+++ python-pip-9.0.1/debian/patches/CVE-2022-40898.patch 2023-03-02 14:03:26.000000000 +0000
@@ -16,8 +16,8 @@
 wheel_file_re = re.compile(
 - r"""^(?P(?P.+?)-(?P\d.*?))
 - ((-(?P\d.*?))?-(?P.+?)-(?P.+?)-(?P.+?)
-+ r"""^(?P(?P[^-]+?)(-(?P\d[^-]+?))?)
-+ ((-(?P\d[^-]*?))?-(?P[^-]+?)-(?P[^-]+?)-(?P[^.]+?)
++ r"""^(?P(?P[^\s-]+?)-(?P[^\s-]*?))
++ ((-(?P\d[^-]*?))?-(?P[^\s-]+?)-(?P[^\s-]+?)-(?P[^\s-]+?)
 \.whl|\.dist-info)$""",
 re.VERBOSE
 )
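Review bot: In the second hunk (debian/patches/CVE-2022-40898.patch), the replacement pattern on the `++` lines lets the version segment be empty or non-numeric (`[^\s-]*?`), whereas the pre-CVE pattern required it to start with a digit (`\d.*?`). The build segment also keeps `[^-]*?`, so it is the only field that may still contain whitespace. Both points appear to follow from the changelog's stated goal of tracking upstream pip's regex, but any code that reads the version group and assumes it is non-empty should be checked. The patch ships no test, so I would add a regression case that asserts an ordinary wheel filename and a `.dist-info` name still match, and that an over-long non-matching name is rejected promptly, so that neither the ReDoS fix nor this regression fix can silently regress again. The group names are not visible in this rendering, and the class that contains `wheel_file_re` lies outside the hunk.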