diff -Nru sysstat-12.0.6/debian/changelog sysstat-12.0.6/debian/changelog
--- sysstat-12.0.6/debian/changelog 2019-08-18 11:05:20.000000000 +0000
+++ sysstat-12.0.6/debian/changelog 2020-01-17 13:30:48.000000000 +0000
@@ -1,3 +1,18 @@
+sysstat (12.0.6-1ubuntu0.1) eoan-security; urgency=medium
+
+ * SECURITY UPDATE: Integer overflow
+ - debian/patches/CVE-2019-16167.patch: Check that the number of fields
+ (long long integers, long integers or integers) as read from
+ a system activity binary datafile multiplied by its alignment width
+ doesn't overflow in sa_common.c.
+ - CVE-2019-16167
+ * SECURITY UPDATE: double free
+ - debian/patches/CVE-2019-19725.patch: adding a NULL to buffer after
+ first free in sa_common.c.
+ - CVE-2019-19725
+
+ -- Leonidas S. Barbosa Fri, 17 Jan 2020 10:30:48 -0300
+
 sysstat (12.0.6-1) unstable; urgency=medium
 
 * New upstream stable version.
diff -Nru sysstat-12.0.6/debian/control sysstat-12.0.6/debian/control
--- sysstat-12.0.6/debian/control 2019-08-18 11:05:20.000000000 +0000
+++ sysstat-12.0.6/debian/control 2020-01-17 13:30:48.000000000 +0000
@@ -1,7 +1,8 @@
 Source: sysstat
 Section: admin
 Priority: optional
-Maintainer: Robert Luberda
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Robert Luberda
 Build-Depends: debhelper (>= 12), gettext, libsensors4-dev, pkg-config
 Standards-Version: 4.4.0
 Rules-Requires-Root: no
diff -Nru sysstat-12.0.6/debian/patches/CVE-2019-16167.patch sysstat-12.0.6/debian/patches/CVE-2019-16167.patch
--- sysstat-12.0.6/debian/patches/CVE-2019-16167.patch 1970-01-01 00:00:00.000000000 +0000
+++ sysstat-12.0.6/debian/patches/CVE-2019-16167.patch 2020-01-17 13:30:28.000000000 +0000
@@ -0,0 +1,51 @@
+From edbf507678bf10914e9804ff8a06737fdcb2e781 Mon Sep 17 00:00:00 2001
+From: Sebastien GODARD
+Date: Tue, 13 Aug 2019 14:53:29 +0200
+Subject: [PATCH] Fix #230: Memory corruption bug due to Integer Overflow in
+ remap_struct()
+
+(See problem description in issue #230.)
+Check that the number of fields (long long integers, long integers or
+integers) as read from a system activity binary datafile multiplied by
+its alignment width doesn't overflow, i.e. the result must not be
+smaller than the number of fields.
+
+Reported-by: Ren Kimura
+Signed-off-by: Sebastien GODARD
+diff --git a/sa_common.c b/sa_common.c
+index 3f19acb..e8853d2 100644
+--- a/sa_common.c
++++ b/sa_common.c
+@@ -1298,6 +1298,10 @@ void remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[],
+ /* Remap [unsigned] long fields */
+ d = gtypes_nr[0] - ftypes_nr[0];
+ if (d) {
++ if (ftypes_nr[0] * ULL_ALIGNMENT_WIDTH < ftypes_nr[0])
++ /* Overflow */
++ return;
++
+ n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH,
+ g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH);
+ if ((ftypes_nr[0] * ULL_ALIGNMENT_WIDTH >= b_size) ||
+@@ -1314,6 +1318,10 @@ void remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[],
+ /* Remap [unsigned] int fields */
+ d = gtypes_nr[1] - ftypes_nr[1];
+ if (d) {
++ if (ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
++ /* Overflow */
++ return;
++
+ n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH
+ - ftypes_nr[1] * UL_ALIGNMENT_WIDTH,
+ g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH
+@@ -1338,6 +1346,10 @@ void remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[],
+ /* Remap possible fields (like strings of chars) following int fields */
+ d = gtypes_nr[2] - ftypes_nr[2];
+ if (d) {
++ if (ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
++ /* Overflow */
++ return;
++
+ n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH
+ - ftypes_nr[1] * UL_ALIGNMENT_WIDTH
+ - ftypes_nr[2] * U_ALIGNMENT_WIDTH,
diff -Nru
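Review bot: The overflow test added in all three remap_struct() hunks of CVE-2019-16167.patch, `if (ftypes_nr[0] * ULL_ALIGNMENT_WIDTH < ftypes_nr[0])`, catches only some wrap-arounds: ftypes_nr[] is unsigned int, and a product that has wrapped can still be larger than the field count, in which case the check passes and the MINIMUM() size arithmetic below runs on a truncated value. A division-based bound does not depend on the wrapped result, e.g. `if (ftypes_nr[0] > UINT_MAX / ULL_ALIGNMENT_WIDTH) return;` (needs <limits.h>, and likewise for UL_ALIGNMENT_WIDTH and U_ALIGNMENT_WIDTH); the macro definitions are outside the hunks, so this assumes they are small positive integer constants. The bare `return;` also gives the caller of this void function no indication that remapping was abandoned for a count read from the datafile, and whether the caller then goes on to use the un-remapped buffer is not visible here. remap_struct()'s body starts and ends outside these hunks.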
sysstat-12.0.6/debian/patches/CVE-2019-19725.patch sysstat-12.0.6/debian/patches/CVE-2019-19725.patch
--- sysstat-12.0.6/debian/patches/CVE-2019-19725.patch 1970-01-01 00:00:00.000000000 +0000
+++ sysstat-12.0.6/debian/patches/CVE-2019-19725.patch 2020-01-17 13:30:40.000000000 +0000
@@ -0,0 +1,24 @@
+From a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed Mon Sep 17 00:00:00 2001
+From: Sebastien GODARD
+Date: Mon, 9 Dec 2019 17:54:07 +0100
+Subject: [PATCH] Fix #242: Double free in check_file_actlst()
+
+Avoid freeing buffer() twice.
+
+Signed-off-by: Sebastien GODARD
+---
+ sa_common.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+Index: sysstat-12.0.6/sa_common.c
+===================================================================
+--- sysstat-12.0.6.orig/sa_common.c
++++ sysstat-12.0.6/sa_common.c
+@@ -2002,6 +2002,7 @@ void check_file_actlst(int *ifd, char *d
+ }
+
+ free(buffer);
++ buffer = NULL;
+
+ /* Check that at least one activity selected by the user is available in file */
+ for (i = 0; i < NR_ACT; i++) {
diff -Nru sysstat-12.0.6/debian/patches/series sysstat-12.0.6/debian/patches/series
--- sysstat-12.0.6/debian/patches/series 2019-08-18 11:05:20.000000000 +0000
+++ sysstat-12.0.6/debian/patches/series 2020-01-17 13:30:36.000000000 +0000
@@ -7,3 +7,5 @@
 08-scripts.patch
 09-enable-colors.patch
 10-ignore-ut-failures.patch
+CVE-2019-16167.patch
+CVE-2019-19725.patch
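Review bot: In CVE-2019-19725.patch the added `buffer = NULL;` in check_file_actlst() carries no comment, and the second free() it is meant to neutralise is not in the hunk, so a later reader cannot tell why the assignment matters or which path depends on it. I would add a comment such as `/* buffer may be freed again on a later error path; NULL makes that free() a no-op */`, adjusted to name the actual path. It is also worth confirming that nothing between this point and that later free() reads through buffer, and that the other exits of the function that release buffer follow the same free-then-NULL pattern. The function's body starts and ends outside the hunk.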