diff -Nru uw-imap-2007f~dfsg/debian/changelog uw-imap-2007f~dfsg/debian/changelog
--- uw-imap-2007f~dfsg/debian/changelog 2014-10-24 20:41:09.000000000 +0000
+++ uw-imap-2007f~dfsg/debian/changelog 2019-10-21 15:01:20.000000000 +0000
@@ -1,3 +1,20 @@
+uw-imap (8:2007f~dfsg-4+deb8u1build0.16.04.1) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: Sync from Debian.
+ - Fixes CVE-2018-19518.
+
+ -- Eduardo Barretto Thu, 17 Oct 2019 10:44:44 -0300
+
+uw-imap (8:2007f~dfsg-4+deb8u1) jessie-security; urgency=high
+
+ * Non-maintainer upload by the LTS Team.
+ * [CVE-2018-19518] 2013_disable_rsh.patch (new): Disable access to IMAP
+ mailboxes through running imapd over rsh, and therefore ssh (Closes:
+ #914632). Code using the library can enable it with tcp_parameters()
+ after making sure that the IMAP server name is sanitized.
+
+ -- Roberto C. Sanchez Fri, 01 Mar 2019 00:01:06 -0500
+
 uw-imap (8:2007f~dfsg-4) unstable; urgency=medium
 
 * 2012_krb5_multidev.patch: Fix typo mixing up --cflags and --libs
diff -Nru uw-imap-2007f~dfsg/debian/patches/2013_disable_rsh.patch uw-imap-2007f~dfsg/debian/patches/2013_disable_rsh.patch
--- uw-imap-2007f~dfsg/debian/patches/2013_disable_rsh.patch 1970-01-01 00:00:00.000000000 +0000
+++ uw-imap-2007f~dfsg/debian/patches/2013_disable_rsh.patch 2019-03-01 05:01:06.000000000 +0000
@@ -0,0 +1,11 @@
+--- a/src/osdep/unix/Makefile
++++ b/src/osdep/unix/Makefile
+@@ -985,7 +985,7 @@ onceenv:
+ -DMD5ENABLE=\"$(MD5PWD)\" -DMAILSPOOL=\"$(MAILSPOOL)\" \
+ -DANONYMOUSHOME=\"$(MAILSPOOL)/anonymous\" \
+ -DACTIVEFILE=\"$(ACTIVEFILE)\" -DNEWSSPOOL=\"$(NEWSSPOOL)\" \
+- -DRSHPATH=\"$(RSHPATH)\" -DLOCKPGM=\"$(LOCKPGM)\" \
++ -DLOCKPGM=\"$(LOCKPGM)\" \
+ -DLOCKPGM1=\"$(LOCKPGM1)\" -DLOCKPGM2=\"$(LOCKPGM2)\" \
+ -DLOCKPGM3=\"$(LOCKPGM3)\" > OSCFLAGS
+ echo $(BASELDFLAGS) $(EXTRALDFLAGS) > LDFLAGS
diff -Nru uw-imap-2007f~dfsg/debian/patches/series uw-imap-2007f~dfsg/debian/patches/series
--- uw-imap-2007f~dfsg/debian/patches/series 2014-10-24 20:41:09.000000000 +0000
+++ uw-imap-2007f~dfsg/debian/patches/series 2019-03-01 05:01:06.000000000 +0000
@@ -8,3 +8,4 @@
 2011_disable_version_check.patch
 2012_krb5_multidev.patch
 1005_poll.patch
+2013_disable_rsh.patch
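Review bot: The new debian/patches/2013_disable_rsh.patch opens directly at `--- a/src/osdep/unix/Makefile` with no patch header, so the reason `-DRSHPATH=\"$(RSHPATH)\"` is dropped from the `onceenv` OSCFLAGS line is recorded only in debian/changelog. I would add a DEP-3 header ahead of the `---` line, for example `Description: Stop compiling in a default rsh path (CVE-2018-19518)` and `Bug-Debian: https://bugs.debian.org/914632`, with a sentence saying the define must not be restored when this hunk is refreshed against a newer Makefile. The header should also carry the limit the changelog already states: only the compile-time default is removed, and code that re-enables the transport through tcp_parameters() has to sanitize the IMAP server name itself. Whether a separate compile-time default exists for ssh cannot be seen from this hunk and is worth confirming in the source that consumes RSHPATH. The `onceenv` recipe starts outside the inner hunk.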