diff -Nru unattended-upgrades-2.3/debian/changelog unattended-upgrades-2.3ubuntu0.1/debian/changelog
--- unattended-upgrades-2.3/debian/changelog	2020-04-13 22:37:21.000000000 +0000
+++ unattended-upgrades-2.3ubuntu0.1/debian/changelog	2020-07-21 15:20:12.000000000 +0000
@@ -1,3 +1,17 @@
+unattended-upgrades (2.3ubuntu0.1) focal; urgency=medium
+
+  [ Balint Reczey ]
+  * Fix checking if an upgrade/install marking succeeded.
+    The false negative result caused unattended-upgrades trying to apply
+    workarounds to upgrade/install the package using excessive amount of CPU
+    time. (Closes: #958883) (LP: #1877769)
+  * Fix indentation and type error (LP: #1883082)
+
+  [ Jose Manuel Santamaria Lema ]
+  * Fix crash occuring when strict whitelist is in use (LP: #1883082)
+
+ -- Balint Reczey <rbalint@ubuntu.com>  Tue, 21 Jul 2020 17:20:12 +0200
+
 unattended-upgrades (2.3) unstable; urgency=medium
 
   * Fix checking if Python regexp is also a POSIX regexp
diff -Nru unattended-upgrades-2.3/debian/control unattended-upgrades-2.3ubuntu0.1/debian/control
--- unattended-upgrades-2.3/debian/control	2020-04-13 22:37:21.000000000 +0000
+++ unattended-upgrades-2.3ubuntu0.1/debian/control	2020-07-21 15:20:12.000000000 +0000
@@ -1,5 +1,6 @@
 Source: unattended-upgrades
-Maintainer: Michael Vogt <mvo@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Michael Vogt <mvo@debian.org>
 Uploaders: Balint Reczey <rbalint@ubuntu.com>
 Section: admin
 Priority: optional
diff -Nru unattended-upgrades-2.3/test/unattended_upgrade.py unattended-upgrades-2.3ubuntu0.1/test/unattended_upgrade.py
--- unattended-upgrades-2.3/test/unattended_upgrade.py	2020-04-13 22:37:21.000000000 +0000
+++ unattended-upgrades-2.3ubuntu0.1/test/unattended_upgrade.py	2020-07-21 15:20:12.000000000 +0000
@@ -298,12 +298,15 @@
             # pin down already pinned packages which are not on the whitelist
             # to not install locally pinned up packages accidentally
             for pkg in self._cache.packages:
-                if pkg.has_versions \
-                   and policy.get_candidate_ver(pkg) > -1:  # type: ignore
-                    # the pin is higher than set for allowed origins, thus
-                    # there is extra pinning configuration
-                    if not is_pkgname_in_whitelist(pkg.name, self.whitelist):
-                        pins.append(PkgPin(pkg.name, NEVER_PIN))
+                if pkg.has_versions:
+                    pkg_ver = policy.get_candidate_ver(pkg)  # type: ignore
+                    if pkg_ver is not None \
+                       and policy.get_priority(pkg_ver) > -1:
+                        # the pin is higher than set for allowed origins, thus
+                        # there is extra pinning configuration
+                        if not is_pkgname_in_whitelist(pkg.name,
+                                                       self.whitelist):
+                            pins.append(PkgPin(pkg.name, NEVER_PIN))
 
         return pins
 
@@ -363,10 +366,9 @@
             self.clear()
             return False
 
-        return (((function == apt.package.Package.mark_upgrade)
-                 and pkg.marked_upgrade)
-                or ((function == apt.package.Package.mark_install)
-                    and pkg.marked_install))
+        return ((function == apt.package.Package.mark_upgrade
+                 or function == apt.package.Package.mark_install)
+                and (pkg.marked_upgrade or pkg.marked_install))
 
     def call_adjusted(self, function, pkg, **kwargs):
         """Call function, but with adjusting
diff -Nru unattended-upgrades-2.3/unattended-upgrade unattended-upgrades-2.3ubuntu0.1/unattended-upgrade
--- unattended-upgrades-2.3/unattended-upgrade	2020-04-13 22:37:21.000000000 +0000
+++ unattended-upgrades-2.3ubuntu0.1/unattended-upgrade	2020-07-21 15:20:12.000000000 +0000
@@ -298,12 +298,15 @@
             # pin down already pinned packages which are not on the whitelist
             # to not install locally pinned up packages accidentally
             for pkg in self._cache.packages:
-                if pkg.has_versions \
-                   and policy.get_candidate_ver(pkg) > -1:  # type: ignore
-                    # the pin is higher than set for allowed origins, thus
-                    # there is extra pinning configuration
-                    if not is_pkgname_in_whitelist(pkg.name, self.whitelist):
-                        pins.append(PkgPin(pkg.name, NEVER_PIN))
+                if pkg.has_versions:
+                    pkg_ver = policy.get_candidate_ver(pkg)  # type: ignore
+                    if pkg_ver is not None \
+                       and policy.get_priority(pkg_ver) > -1:
+                        # the pin is higher than set for allowed origins, thus
+                        # there is extra pinning configuration
+                        if not is_pkgname_in_whitelist(pkg.name,
+                                                       self.whitelist):
+                            pins.append(PkgPin(pkg.name, NEVER_PIN))
 
         return pins
 
@@ -363,10 +366,9 @@
             self.clear()
             return False
 
-        return (((function == apt.package.Package.mark_upgrade)
-                 and pkg.marked_upgrade)
-                or ((function == apt.package.Package.mark_install)
-                    and pkg.marked_install))
+        return ((function == apt.package.Package.mark_upgrade
+                 or function == apt.package.Package.mark_install)
+                and (pkg.marked_upgrade or pkg.marked_install))
 
     def call_adjusted(self, function, pkg, **kwargs):
         """Call function, but with adjusting