diff -Nru software-properties-0.96.24.32.13/add-apt-repository software-properties-0.96.24.32.14/add-apt-repository
--- software-properties-0.96.24.32.13/add-apt-repository 2019-07-12 13:59:10.000000000 +0000
+++ software-properties-0.96.24.32.14/add-apt-repository 2020-08-07 14:07:37.000000000 +0000
@@ -4,6 +4,7 @@
 import io
 import os
+import re
 import sys
 import gettext
 import locale
@@ -146,7 +147,11 @@
 print(e)
 sys.exit(1)
- print(" %s" % (info["description"] or ""))
+ # strip ANSI escape sequences
+ description = re.sub(r"(\x9B|\x1B\[)[0-?]*[ -/]*[@-~]",
+ "", info["description"] or "")
+
+ print(" %s" % description)
 print(_(" More info: %s") % str(info["web_link"]))
 if (sys.stdin.isatty() and
 not "FORCE_ADD_APT_REPOSITORY" in os.environ):
diff -Nru software-properties-0.96.24.32.13/debian/changelog software-properties-0.96.24.32.14/debian/changelog
--- software-properties-0.96.24.32.13/debian/changelog 2020-05-08 14:47:19.000000000 +0000
+++ software-properties-0.96.24.32.14/debian/changelog 2020-08-07 14:07:43.000000000 +0000
@@ -1,3 +1,12 @@
+software-properties (0.96.24.32.14) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: malicious repo could send ANSI sequences to terminal
+ (LP: #1890286)
+ - add-apt-repository: strip ANSI sequences from the description.
+ - CVE-2020-15709
+
+ -- Marc Deslauriers Fri, 07 Aug 2020 10:07:43 -0400
+
 software-properties (0.96.24.32.13) bionic; urgency=medium
 * softwareproperties/gtk/SoftwarePropertiesGtk.py:
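Review bot: The `re.sub` added in the `@@ -146,7 +147,11 @@` hunk of add-apt-repository removes only well-formed CSI sequences (`ESC [` or `\x9B` followed by a final byte), so other terminal control input in a repository description, such as OSC or DCS strings, a lone `ESC`, a carriage return or a backspace, would still be printed as-is. Filtering by character class is sturdier than matching one sequence family: `description = re.sub(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]", "", info["description"] or "")` drops every C0/C1 control character except tab and newline, which leaves the remainder of any escape sequence as inert printable text. The following context line prints `str(info["web_link"])` without any filtering; if that value can also be influenced by the repository owner, it probably wants the same treatment. The enclosing block starts and ends outside the hunk, so other fields of `info` printed elsewhere are not visible here.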