diff -Nru zeromq3-4.1.4/debian/changelog zeromq3-4.1.4/debian/changelog
--- zeromq3-4.1.4/debian/changelog	2016-03-14 20:42:34.000000000 +0000
+++ zeromq3-4.1.4/debian/changelog	2019-07-03 14:39:00.000000000 +0000
@@ -1,3 +1,14 @@
+zeromq3 (4.1.4-7ubuntu0.1) xenial-security; urgency=medium
+
+  * SECURITY UPDATE: Unauthenticated client can cause a stack overflow on any
+    server that is supposed to be protected by encryption/authentication,
+    leading to a DoS (crash) or possibly other impact.
+    - debian/patches/CVE-2019-13132.patch: create buffers large enough to
+      contain arbitrary metadata.
+    - CVE-2019-13132
+
+ -- Eduardo Barretto <eduardo.barretto@canonical.com>  Wed, 03 Jul 2019 11:39:00 -0300
+
 zeromq3 (4.1.4-7) unstable; urgency=medium
 
   * Switch back libzmq5-dev package name to libzmq3-dev for the transition
diff -Nru zeromq3-4.1.4/debian/control zeromq3-4.1.4/debian/control
--- zeromq3-4.1.4/debian/control	2016-03-14 20:39:08.000000000 +0000
+++ zeromq3-4.1.4/debian/control	2019-07-03 15:02:00.000000000 +0000
@@ -1,7 +1,8 @@
 Source: zeromq3
 Section: libs
 Priority: optional
-Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
 Build-Depends: debhelper (>= 9),
  dh-autoreconf,
  libpgm-dev (>= 5.2.122~dfsg),
diff -Nru zeromq3-4.1.4/debian/patches/CVE-2019-13132.patch zeromq3-4.1.4/debian/patches/CVE-2019-13132.patch
--- zeromq3-4.1.4/debian/patches/CVE-2019-13132.patch	1970-01-01 00:00:00.000000000 +0000
+++ zeromq3-4.1.4/debian/patches/CVE-2019-13132.patch	2019-07-03 14:38:29.000000000 +0000
@@ -0,0 +1,100 @@
+From 6e24ae09d020ab505c1aab96e5ae91cca360e856 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@microsoft.com>
+Date: Tue, 2 Jul 2019 12:17:02 +0100
+Subject: [PATCH] Problem: application metadata not parsed correctly when using
+ CURVE
+
+Solution: create buffers large enough to contain arbitrary metadata
+---
+ src/curve_server.cpp | 34 ++++++++++++++++++++++++----------
+ 1 file changed, 24 insertions(+), 10 deletions(-)
+
+diff --git a/src/curve_server.cpp b/src/curve_server.cpp
+index e85b10b8..82915131 100644
+--- a/src/curve_server.cpp
++++ b/src/curve_server.cpp
+@@ -439,8 +439,12 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+     const size_t clen = (msg_->size () - 113) + crypto_box_BOXZEROBYTES;
+ 
+     uint8_t initiate_nonce [crypto_box_NONCEBYTES];
+-    uint8_t initiate_plaintext [crypto_box_ZEROBYTES + 128 + 256];
+-    uint8_t initiate_box [crypto_box_BOXZEROBYTES + 144 + 256];
++    uint8_t *initiate_plaintext =
++      static_cast<uint8_t *> (malloc (crypto_box_ZEROBYTES + clen));
++    alloc_assert (initiate_plaintext);
++    uint8_t *initiate_box =
++      static_cast<uint8_t *> (malloc (crypto_box_BOXZEROBYTES + clen));
++    alloc_assert (initiate_box);
+ 
+     //  Open Box [C + vouch + metadata](C'->S')
+     memset (initiate_box, 0, crypto_box_BOXZEROBYTES);
+@@ -451,17 +455,18 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+     memcpy (initiate_nonce + 16, initiate + 105, 8);
+     cn_peer_nonce = get_uint64(initiate + 105);
+ 
++    const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
++
+     rc = crypto_box_open (initiate_plaintext, initiate_box,
+                           clen, initiate_nonce, cn_client, cn_secret);
+     if (rc != 0) {
+         //  Temporary support for security debugging
+         puts ("CURVE I: cannot open client INITIATE");
+         errno = EPROTO;
+-        return -1;
++        rc = -1;
++        goto exit;
+     }
+ 
+-    const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
+-
+     uint8_t vouch_nonce [crypto_box_NONCEBYTES];
+     uint8_t vouch_plaintext [crypto_box_ZEROBYTES + 64];
+     uint8_t vouch_box [crypto_box_BOXZEROBYTES + 80];
+@@ -482,7 +487,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+         //  Temporary support for security debugging
+         puts ("CURVE I: cannot open client INITIATE vouch");
+         errno = EPROTO;
+-        return -1;
++        rc = -1;
++        goto exit;
+     }
+ 
+     //  What we decrypted must be the client's short-term public key
+@@ -490,7 +496,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+         //  Temporary support for security debugging
+         puts ("CURVE I: invalid handshake from client (public key)");
+         errno = EPROTO;
+-        return -1;
++        rc = -1;
++        goto exit;
+     }
+ 
+     //  Precompute connection secret from client key
+@@ -509,14 +516,21 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
+         else
+         if (errno == EAGAIN)
+             state = expect_zap_reply;
+-        else
+-            return -1;
++        else {
++            rc = -1;
++            goto exit;
++        }
+     }
+     else
+         state = send_ready;
+ 
+-    return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
++    rc = parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
+                            clen - crypto_box_ZEROBYTES - 128);
++
++exit:
++    free (initiate_plaintext);
++    free (initiate_box);
++    return rc;
+ }
+ 
+ int zmq::curve_server_t::produce_ready (msg_t *msg_)
+-- 
+2.20.1
+
diff -Nru zeromq3-4.1.4/debian/patches/series zeromq3-4.1.4/debian/patches/series
--- zeromq3-4.1.4/debian/patches/series	2016-02-29 17:44:19.000000000 +0000
+++ zeromq3-4.1.4/debian/patches/series	2019-07-03 14:38:43.000000000 +0000
@@ -3,3 +3,4 @@
 sys_ucred_h.patch
 kfreebsd-support.patch
 gcc6-fix.patch
+CVE-2019-13132.patch