diff -Nru xterm-353/debian/changelog xterm-353/debian/changelog
--- xterm-353/debian/changelog	2021-02-11 14:13:31.000000000 +0000
+++ xterm-353/debian/changelog	2021-02-22 17:59:13.000000000 +0000
@@ -1,11 +1,13 @@
-xterm (353-1ubuntu1.20.10.1) groovy-security; urgency=medium
+xterm (353-1ubuntu1.20.10.2) groovy-security; urgency=medium
 
   * SECURITY UPDATE: crash when handling crafted unicode content
     - debian/patches/CVE-2021-27135.patch: correct upper-limit for
       selection buffer, accounting for combining characters in button.c.
+    - debian/patches/CVE-2021-27135-2.patch: check realloc return code,
+      add some casts in button.c.
     - CVE-2021-27135
 
- -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 11 Feb 2021 09:13:31 -0500
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 22 Feb 2021 12:59:13 -0500
 
 xterm (353-1ubuntu1) focal; urgency=medium
 
diff -Nru xterm-353/debian/patches/CVE-2021-27135-2.patch xterm-353/debian/patches/CVE-2021-27135-2.patch
--- xterm-353/debian/patches/CVE-2021-27135-2.patch	1970-01-01 00:00:00.000000000 +0000
+++ xterm-353/debian/patches/CVE-2021-27135-2.patch	2021-02-22 17:59:13.000000000 +0000
@@ -0,0 +1,63 @@
+Backport of:
+
+From f80e543c6dee5ecfe54c58d351fe418ce5f1959b Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Wed, 10 Feb 2021 01:14:51 +0000
+Subject: [PATCH] snapshot of project "xterm", label xterm-365e
+
+---
+ MANIFEST       |  2 +-
+ button.c       | 24 +++++++++++++++---------
+ charproc.c     |  6 +++---
+ main.c         |  4 ++--
+ misc.c         |  6 +++---
+ xterm.log.html |  6 +++++-
+ 6 files changed, 29 insertions(+), 19 deletions(-)
+
+--- a/button.c
++++ b/button.c
+@@ -4011,14 +4011,20 @@ SaltTextAway(XtermWidget xw,
+      * the estimate is too-far off.
+      */
+     if ((have * 2) < (size_t) need) {
++	Char *next;
+ 	scp->data_limit = have + 1;
+-	line = realloc(line, scp->data_limit);
++	next = realloc(line, scp->data_limit);
++	if (next == NULL) {
++	    free(line);
++	    scp->data_length = 0;
++	    scp->data_limit = 0;
++	}
++	scp->data_buffer = next;
+     }
++    scp->data_length = have;
+ 
+     TRACE(("Salted TEXT:%u:%s\n", (unsigned) have,
+-	   visibleChars(line, (unsigned) have)));
+-
+-    scp->data_length = have;
++	   visibleChars(scp->data_buffer, (unsigned) have)));
+ }
+ 
+ #if OPT_PASTE64
+@@ -4502,7 +4508,7 @@ _OwnSelection(XtermWidget xw,
+ 	    scp = &(screen->selected_cells[CutBufferToCode(cutbuffer)]);
+ 	    if (scp->data_length > limit) {
+ 		TRACE(("selection too big (%lu bytes), not storing in CUT_BUFFER%d\n",
+-		       scp->data_length, cutbuffer));
++		       (unsigned long) scp->data_length, cutbuffer));
+ 		xtermWarning("selection too big (%lu bytes), not storing in CUT_BUFFER%d\n",
+ 			     (unsigned long) scp->data_length, cutbuffer);
+ 	    } else {
+@@ -4558,8 +4564,8 @@ _OwnSelection(XtermWidget xw,
+ 				   SelectionDone);
+ 	    }
+ 	}
+-	TRACE(("... _OwnSelection used length %ld value %s\n",
+-	       scp->data_length,
++	TRACE(("... _OwnSelection used length %lu value %s\n",
++	       (unsigned long) scp->data_length,
+ 	       visibleChars(scp->data_buffer,
+ 			    (unsigned) scp->data_length)));
+     }
diff -Nru xterm-353/debian/patches/series xterm-353/debian/patches/series
--- xterm-353/debian/patches/series	2021-02-11 14:13:22.000000000 +0000
+++ xterm-353/debian/patches/series	2021-02-22 17:59:13.000000000 +0000
@@ -4,3 +4,4 @@
 950_ubuntu_charclass_highlight.diff
 951_uxterm_utf8_title.diff
 CVE-2021-27135.patch
+CVE-2021-27135-2.patch