diff -Nru python-reportlab-3.3.0/debian/changelog python-reportlab-3.3.0/debian/changelog
--- python-reportlab-3.3.0/debian/changelog	2016-02-17 23:45:30.000000000 +0000
+++ python-reportlab-3.3.0/debian/changelog	2020-01-28 13:53:18.000000000 +0000
@@ -1,3 +1,12 @@
+python-reportlab (3.3.0-1ubuntu0.1) xenial-security; urgency=medium
+
+  * SECURITY UPDATE: remote code execution via crafted XML document
+    - debian/patches/CVE-2019-17626.patch: safely parse color in
+      src/reportlab/lib/colors.py. Thanks to Marek Kasik for the patch!
+    - CVE-2019-17626
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 28 Jan 2020 08:53:18 -0500
+
 python-reportlab (3.3.0-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru python-reportlab-3.3.0/debian/control python-reportlab-3.3.0/debian/control
--- python-reportlab-3.3.0/debian/control	2016-02-17 23:44:39.000000000 +0000
+++ python-reportlab-3.3.0/debian/control	2020-01-28 13:53:30.000000000 +0000
@@ -1,7 +1,8 @@
 Source: python-reportlab
 Section: python
 Priority: optional
-Maintainer: Matthias Klose <doko@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Matthias Klose <doko@debian.org>
 Uploaders: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
 Standards-Version: 3.9.7
 XS-Python-Version: >= 2.4
diff -Nru python-reportlab-3.3.0/debian/patches/CVE-2019-17626.patch python-reportlab-3.3.0/debian/patches/CVE-2019-17626.patch
--- python-reportlab-3.3.0/debian/patches/CVE-2019-17626.patch	1970-01-01 00:00:00.000000000 +0000
+++ python-reportlab-3.3.0/debian/patches/CVE-2019-17626.patch	2020-01-28 13:53:10.000000000 +0000
@@ -0,0 +1,81 @@
+# HG changeset patch
+# User mkasik@redhat.com
+# Date 1580132768 -3600
+#      Mon Jan 27 14:46:08 2020 +0100
+# Node ID b47055e78d8b3e49e7bb5b9cdaa55d449b996764
+# Parent  9bb6ebf1b8473e3dc11740cbdce0d5dc1a1afae2
+Parse input string of toColor.__call__ for color classes
+
+It constructs respective object from the string then.
+This currently supports CMYKColor, PCMYKColor, CMYKColorSep
+and PCMYKColorSep.
+
+--- a/src/reportlab/lib/colors.py
++++ b/src/reportlab/lib/colors.py
+@@ -833,6 +833,53 @@ class cssParse:
+ 
+ cssParse=cssParse()
+ 
++def parseColorClassFromString(arg):
++    '''Parses known classes which holds color information from string
++    and constructs respective object.
++    It constructs CMYKColor, PCMYKColor, CMYKColorSep and PCMYKColorSep now.
++    '''
++
++    # Strips input string and splits it with {'(', ')', ','} delimiters
++    splitted = "".join(arg.split()).replace('(', ',').replace(')','').split(',')
++
++    # Creates a "fingerprint" of given string made of {'(', ')', ','} characters only.
++    fingerprint = ''.join(c for c in arg if c in set('(,)'))
++
++    if (len(splitted) > 0):
++        if (splitted[0] == 'Color'):
++            if (fingerprint == '(,,,)'):
++                try:
++                    return Color(*list(map(float, splitted[1:5])))
++                except:
++                    return None
++            elif (fingerprint == '(,,)'):
++                try:
++                    return Color(*list(map(float, splitted[1:4])))
++                except:
++                    return None
++        elif (splitted[0] == 'CMYKColor' and fingerprint == '(,,,)'):
++            try:
++                return CMYKColor(*list(map(float, splitted[1:5])))
++            except:
++                return None
++        elif (splitted[0] == 'PCMYKColor' and fingerprint == '(,,,)'):
++            try:
++                return PCMYKColor(*list(map(float, splitted[1:5])))
++            except:
++                return None
++        elif (splitted[0] == 'CMYKColorSep' and fingerprint == '(,,,)'):
++            try:
++                return CMYKColorSep(*list(map(float, splitted[1:5])))
++            except:
++                return None
++        elif (splitted[0] == 'PCMYKColorSep' and fingerprint == '(,,,)'):
++            try:
++                return PCMYKColorSep(*list(map(float, splitted[1:5])))
++            except:
++                return None
++    else:
++                return None
++
+ class toColor:
+ 
+     def __init__(self):
+@@ -858,10 +905,8 @@ class toColor:
+             C = getAllNamedColors()
+             s = arg.lower()
+             if s in C: return C[s]
+-            try:
+-                return toColor(eval(arg))
+-            except:
+-                pass
++            parsedColor = parseColorClassFromString(arg)
++            if (parsedColor): return parsedColor
+ 
+         try:
+             return HexColor(arg)
diff -Nru python-reportlab-3.3.0/debian/patches/series python-reportlab-3.3.0/debian/patches/series
--- python-reportlab-3.3.0/debian/patches/series	2014-08-11 21:31:18.000000000 +0000
+++ python-reportlab-3.3.0/debian/patches/series	2020-01-28 13:53:10.000000000 +0000
@@ -1 +1,2 @@
 gsfonts.diff
+CVE-2019-17626.patch