diff -Nru util-linux-2.39.1/debian/changelog util-linux-2.39.1/debian/changelog
--- util-linux-2.39.1/debian/changelog 2023-10-05 21:27:31.000000000 +0000
+++ util-linux-2.39.1/debian/changelog 2024-04-09 15:31:56.000000000 +0000
@@ -1,3 +1,21 @@
+util-linux (2.39.1-4ubuntu2.2) mantic-security; urgency=medium
+
+ * SECURITY UPDATE: Improper neutralization of escape sequences in wall
+ - debian/rules: build with --disable-use-tty-group to properly remove
+ setgid bit from both wall and write.
+ - CVE-2024-28085
+
+ -- Marc Deslauriers Tue, 09 Apr 2024 11:31:56 -0400
+
+util-linux (2.39.1-4ubuntu2.1) mantic-security; urgency=medium
+
+ * SECURITY UPDATE: Improper neutralization of escape sequences in wall
+ - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on
+ the terminal in term-utils/wall.c.
+ - CVE-2024-28085
+
+ -- Marc Deslauriers Fri, 22 Mar 2024 08:12:29 -0400
+
 util-linux (2.39.1-4ubuntu2) mantic; urgency=medium
 
 * Disable brand new feature with --disable-libmount-mountfd-support that
diff -Nru util-linux-2.39.1/debian/patches/series util-linux-2.39.1/debian/patches/series
--- util-linux-2.39.1/debian/patches/series 2023-08-11 17:39:16.000000000 +0000
+++ util-linux-2.39.1/debian/patches/series 2024-03-22 12:12:14.000000000 +0000
@@ -12,3 +12,4 @@
 ubuntu/sulogin-fallback-static-sh.patch
 ubuntu/sulogin-lockedpwd.patch
 ubuntu/lp-2030793-make-check-pidfd.patch
+upstream/CVE-2024-28085.patch
diff -Nru util-linux-2.39.1/debian/patches/upstream/CVE-2024-28085.patch util-linux-2.39.1/debian/patches/upstream/CVE-2024-28085.patch
--- util-linux-2.39.1/debian/patches/upstream/CVE-2024-28085.patch 1970-01-01 00:00:00.000000000 +0000
+++ util-linux-2.39.1/debian/patches/upstream/CVE-2024-28085.patch 2024-03-22 12:12:02.000000000 +0000
@@ -0,0 +1,23 @@
+From f86bbf07ca85640c886dacc4fba159570ddc1b4d Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Thu, 21 Mar 2024 11:16:20 +0100
+Subject: [PATCH] wall: consolidate output on the terminal
+
+Let's use for all cases the same output function.
+
+Signed-off-by: Karel Zak
+---
+ term-utils/wall.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/term-utils/wall.c
++++ b/term-utils/wall.c
+@@ -328,7 +328,7 @@ static char *makemsg(char *fname, char *
+ int i;
+
+ for (i = 0; i < mvecsz; i++) {
+- fputs(mvec[i], fs);
++ fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
+ if (i < mvecsz - 1)
+ fputc(' ', fs);
+ }
diff -Nru util-linux-2.39.1/debian/rules util-linux-2.39.1/debian/rules
--- util-linux-2.39.1/debian/rules 2023-10-05 21:27:24.000000000 +0000
+++ util-linux-2.39.1/debian/rules 2024-04-09 15:31:31.000000000 +0000
@@ -51,6 +51,9 @@
 # Keep hwclock as GPLv2 (and others)
 CONFOPTS += --disable-hwclock-gplv3
 
+# Reduce setgid programs (cf. CVE-2024-28085)
+CONFOPTS += --disable-use-tty-group
+
 # Get the list of binary package, except lib* and *-udeb, from
 # debian/control instead of hardcoding the list when installing
 # bash-completions below.
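Review bot: The new `fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);` line in the embedded wall.c hunk carries no comment saying why the plain `fputs` it replaces was unsafe, so a later reader may see the escaping as needless overhead and revert it; per the changelog the reason is that these message words come from the caller's command line and control characters in them must be neutralized before the text is written to other users' terminals. I would add `/* mvec is caller-supplied: escape control characters before the text reaches other users' terminals (CVE-2024-28085) */` directly above the call. The patch description says all cases now share one output function, but the file/stdin branch of makemsg lies outside this hunk, so that claim cannot be confirmed from here and should be checked in the full wall.c. makemsg begins and ends outside the hunk.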
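Review bot: The comment above the new `CONFOPTS += --disable-use-tty-group` line names the CVE but not what the option changes, which per the changelog is that wall and write are no longer installed setgid; a reader of debian/rules alone cannot tell this is a deliberate functional change rather than a build tweak. I would write it as `# Build without tty-group support so wall and write are not installed setgid (second fix for CVE-2024-28085)`. Whether the option also changes the install mode of any other program is not visible in this hunk and is worth confirming against the resulting package file list.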