diff -Nru zeromq3-4.2.5/debian/changelog zeromq3-4.2.5/debian/changelog
--- zeromq3-4.2.5/debian/changelog 2018-08-25 17:46:56.000000000 +0000
+++ zeromq3-4.2.5/debian/changelog 2019-01-15 14:45:20.000000000 +0000
@@ -1,3 +1,14 @@
+zeromq3 (4.2.5-2ubuntu0.1) cosmic-security; urgency=medium
+
+ * SECURITY UPDATE: Integer overflow allows an authenticated attacker to
+ overwrite an arbitrary amount of bytes beyond the bounds of a buffer,
+ which can be leveraged to run arbitrary code on the target system.
+ - debian/patches/CVE-2019-6250.patch: Refactor bounds check arithmetic
+ such that no overflow shall occur.
+ - CVE-2019-6250
+
+ -- Eduardo Barretto Tue, 15 Jan 2019 12:45:20 -0200
+
 zeromq3 (4.2.5-2) unstable; urgency=medium
 
 * Update Standards-Version to 4.1.5 .
diff -Nru zeromq3-4.2.5/debian/control zeromq3-4.2.5/debian/control
--- zeromq3-4.2.5/debian/control 2018-08-25 17:46:56.000000000 +0000
+++ zeromq3-4.2.5/debian/control 2019-01-15 14:45:20.000000000 +0000
@@ -1,7 +1,8 @@
 Source: zeromq3
 Section: libs
 Priority: optional
-Maintainer: Laszlo Boszormenyi (GCS)
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Laszlo Boszormenyi (GCS)
 Build-Depends: debhelper (>= 11),
 libpgm-dev (>= 5.2.122~dfsg),
 libsodium-dev,
diff -Nru zeromq3-4.2.5/debian/patches/CVE-2019-6250.patch zeromq3-4.2.5/debian/patches/CVE-2019-6250.patch
--- zeromq3-4.2.5/debian/patches/CVE-2019-6250.patch 1970-01-01 00:00:00.000000000 +0000
+++ zeromq3-4.2.5/debian/patches/CVE-2019-6250.patch 2019-01-15 14:45:04.000000000 +0000
@@ -0,0 +1,20 @@
+Author: Guido Vranken
+Description: pointer overflow in zmq::v2_decoder_t::size_ready
+ leading to remote code execution (issue #3351).
+ Refactor bounds check arithmetic such that no overflow shall occur
+Origin: https://github.com/zeromq/libzmq/pull/3353
+Applied-Upstream: 1a2ed12716693073032d57dac4e269df3d373751
+--- a/src/v2_decoder.cpp
++++ b/src/v2_decoder.cpp
+@@ -114,9 +114,8 @@ int zmq::v2_decoder_t::size_ready (uint64_t msg_size,
+ // the current message can exceed the current buffer. We have to copy the buffer
+ // data into a new message and complete it in the next receive.
+
+- if (unlikely (
+- !zero_copy
+- || ((unsigned char *) read_pos + msg_size > (data () + size ())))) {
++ if (unlikely (!zero_copy
++ || msg_size > (size_t) (data () + size () - read_pos))) {
+ // a new message has started, but the size would exceed the pre-allocated arena
+ // this happens every time when a message does not fit completely into the buffer
+ rc = in_progress.init_size (static_cast (msg_size));
diff -Nru zeromq3-4.2.5/debian/patches/series zeromq3-4.2.5/debian/patches/series
--- zeromq3-4.2.5/debian/patches/series 2018-08-25 17:46:56.000000000 +0000
+++ zeromq3-4.2.5/debian/patches/series 2019-01-15 14:45:04.000000000 +0000
@@ -1,3 +1,4 @@
 disable-test_security_curve.patch
 #no-hardcoded-port-in-tests.patch
 fix-symbols-export.patch
+CVE-2019-6250.patch
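Review bot: The rewritten guard in the `src/v2_decoder.cpp` hunk carried by `debian/patches/CVE-2019-6250.patch`, `msg_size > (size_t) (data () + size () - read_pos)`, is only sound while `read_pos` lies within `[data (), data () + size ()]`, and nothing visible here states or checks that. If `read_pos` were ever past the end, the pointer difference would be negative, the `(size_t)` cast would make it very large, and the condition would presumably stop routing oversized messages to the `init_size` copy path. I would pin the invariant next to the comparison with `zmq_assert (read_pos >= data () && read_pos <= data () + size ());` and add a comment such as `// compare with the bytes left in the buffer; read_pos + msg_size can wrap for a peer-supplied size`. As a style point, `static_cast<size_t> (...)` would match the cast used on the `init_size` line below. `size_ready`'s body starts and ends outside the hunk, so any earlier validation of `msg_size` is not visible from here.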