diff -Nru sysstat-11.2.0/debian/changelog sysstat-11.2.0/debian/changelog
--- sysstat-11.2.0/debian/changelog 2017-12-08 15:24:32.000000000 +0000
+++ sysstat-11.2.0/debian/changelog 2020-01-17 11:10:48.000000000 +0000
@@ -1,3 +1,12 @@
+sysstat (11.2.0-1ubuntu0.3) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: double free
+ - debian/patches/CVE-2019-19725.patch: adding a NULL to buffer after
+ first free in sa_common.c.
+ - CVE-2019-19725
+
+ -- Leonidas S. Barbosa Fri, 17 Jan 2020 08:09:36 -0300
+
 sysstat (11.2.0-1ubuntu0.2) xenial; urgency=medium
 
 * Add 14-fix-mtab-reading.patch to fix a crash occurring in sadc while
diff -Nru sysstat-11.2.0/debian/patches/CVE-2019-19725.patch sysstat-11.2.0/debian/patches/CVE-2019-19725.patch
--- sysstat-11.2.0/debian/patches/CVE-2019-19725.patch 1970-01-01 00:00:00.000000000 +0000
+++ sysstat-11.2.0/debian/patches/CVE-2019-19725.patch 2020-01-17 11:09:26.000000000 +0000
@@ -0,0 +1,20 @@
+From a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed Mon Sep 17 00:00:00 2001
+From: Sebastien GODARD
+Date: Mon, 9 Dec 2019 17:54:07 +0100
+Subject: [PATCH] Fix #242: Double free in check_file_actlst()
+
+Avoid freeing buffer() twice.
+
+Signed-off-by: Sebastien GODARD
+diff --git a/sa_common.c b/sa_common.c
+index 8fec32c..56e1df4 100644
+--- a/sa_common.c
++++ b/sa_common.c
+@@ -1341,6 +1341,7 @@ void check_file_actlst(int *ifd, char *dfile, struct activity *act[],
+ */
+ memcpy(file_hdr, buffer, FILE_HEADER_SIZE);
+ free(buffer);
++ buffer = NULL;
+
+ /*
+ * Sanity check.
diff -Nru sysstat-11.2.0/debian/patches/series sysstat-11.2.0/debian/patches/series
--- sysstat-11.2.0/debian/patches/series 2017-12-08 15:24:32.000000000 +0000
+++ sysstat-11.2.0/debian/patches/series 2020-01-17 11:09:26.000000000 +0000
@@ -10,3 +10,4 @@
 12-isag-new-format-support.patch
 13-remove-sccsid.patch
 14-fix-mtab-reading.patch
+CVE-2019-19725.patch
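Review bot: In the `debian/patches/CVE-2019-19725.patch` hunk, the added `buffer = NULL;` after `free(buffer);` has no comment saying why the pointer is reset, so the line looks redundant and could be dropped in a later cleanup, reopening the double free. I would add `/* buffer is released again later in this function; NULL makes that free() a no-op */` directly above it. The second release is not visible here because check_file_actlst() starts and ends outside the hunk, so it is also worth confirming against the 11.2.0 source that every later use of `buffer` either reassigns it first or tolerates NULL.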