diff -Nru software-properties-0.99.2/add-apt-repository software-properties-0.99.3/add-apt-repository
--- software-properties-0.99.2/add-apt-repository 2020-08-06 11:54:09.000000000 +0000
+++ software-properties-0.99.3/add-apt-repository 2020-08-17 14:19:34.000000000 +0000
@@ -4,6 +4,7 @@
 import io
 import os
+import re
 import sys
 import gettext
 import locale
@@ -129,8 +130,11 @@
 '''Display more information about the shortcut / ppa info'''
 print(_("Repository: '%s'") % shortcut.SourceEntry().line)
 if shortcut.description:
+ # strip ANSI escape sequences
+ description = re.sub(r"(\x9B|\x1B\[)[0-?]*[ -/]*[@-~]",
+ "", shortcut.description)
 print(_("Description:"))
- print(shortcut.description)
+ print(description)
 if shortcut.web_link:
 print(_("More info: %s") % shortcut.web_link)
 if self.options.remove:
diff -Nru software-properties-0.99.2/debian/changelog software-properties-0.99.3/debian/changelog
--- software-properties-0.99.2/debian/changelog 2020-08-06 20:29:12.000000000 +0000
+++ software-properties-0.99.3/debian/changelog 2020-08-17 14:19:34.000000000 +0000
@@ -1,3 +1,12 @@
+software-properties (0.99.3) groovy; urgency=medium
+
+ * SECURITY UPDATE: malicious repo could send ANSI sequences to terminal
+ (LP: #1890286)
+ - add-apt-repository: strip ANSI sequences from the description.
+ - CVE-2020-15709
+
+ -- Marc Deslauriers Mon, 17 Aug 2020 10:19:34 -0400
+
 software-properties (0.99.2) groovy; urgency=medium
 * softwareproperties/AptAuth.py,
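Review bot: The `re.sub` added ahead of `print(description)` removes only CSI sequences (the `ESC [` and `\x9B` introducers), so other terminal control input in a description, such as OSC strings introduced by `ESC ]`, a bare ESC, carriage return or backspace, still reaches the terminal unchanged. An allow-list is more robust than enumerating escape families: after the CSI strip, keep only printable characters plus newline and tab, e.g. `description = "".join(ch for ch in description if ch.isprintable() or ch in "\n\t")`. `shortcut.web_link` and `shortcut.SourceEntry().line` are printed in the same hunk with no filtering; if either can carry repository-supplied text, it should go through the same sanitising step. The enclosing method starts above the hunk and continues past its last line.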