diff --git a/debian/changelog b/debian/changelog
index 2376803..65f6e1e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,25 @@
+mariadb-10.0 (10.0.20-0ubuntu0.15.04.1) vivid-security; urgency=low
+
+  * SECURITY UPDATE: Update to 10.0.20 (via .18 and .19) fixes security issues:
+    - CVE-2015-3152: Client command line option --ssl-verify-server-cert (and
+      MYSQL_OPT_SSL_VERIFY_SERVER_CERT option of the client API) when used
+      together with --ssl will ensure that the established connection is
+      SSL-encrypted and the MariaDB server has a valid certificate.
+      (LP: #1464895)
+    - CVE-2014-8964 bundled PCRE contained heap-based buffer overflow
+      vulnerability that allowed the server to crash or have other unspecified
+      impact via a crafted regular expression made possible with the
+      REGEXP_SUBSTR function (MDEV-8006).
+    - CVE-2015-0501
+    - CVE-2015-2571
+    - CVE-2015-0505
+    - CVE-2015-0499
+    (LP: #1451677)
+  * New release includes fix for memory corruption on arm64 (LP: #1427406)
+  * Upstream also includes lots of line ending changes (from CRLF -> LF)
+
+ -- Otto Kekäläinen <otto@seravo.fi>  Fri, 03 Jul 2015 17:39:42 +0300
+
 mariadb-10.0 (10.0.17-0ubuntu1) vivid; urgency=medium
 
   * New upstream microrelease.
diff --git a/debian/gbp.conf b/debian/gbp.conf
index bd69fd3..8e3c8c0 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,3 +1,3 @@
 [DEFAULT]
-debian-branch = master
+debian-branch = ubuntu-15.04
 pristine-tar = True
diff --git a/debian/patches/fix-spelling-errors.patch b/debian/patches/fix-spelling-errors.patch
index 45f77a1..214b450 100644
--- a/debian/patches/fix-spelling-errors.patch
+++ b/debian/patches/fix-spelling-errors.patch
@@ -4,7 +4,7 @@ Last-Update: 2014-10-02
 
 --- mariadb-10.0-10.0.13.orig/storage/connect/tabxml.cpp
 +++ mariadb-10.0-10.0.13/storage/connect/tabxml.cpp
-@@ -1490,7 +1490,7 @@ void XMULCOL::ReadColumn(PGLOBAL g)
+@@ -1798,7 +1798,7 @@ void XMULCOL::ReadColumn(PGLOBAL g)
  
        if (N > Tdbp->Limit) {
          N = Tdbp->Limit;
diff --git a/debian/patches/mysql-test__db_test.patch b/debian/patches/mysql-test__db_test.patch
index 082a6f4..caedeef 100644
--- a/debian/patches/mysql-test__db_test.patch
+++ b/debian/patches/mysql-test__db_test.patch
@@ -6,7 +6,7 @@
 ## DP: suite depends on them.
 --- old/mysql-test/mysql-test-run.pl	2009-06-16 14:24:09.000000000 +0200
 +++ new/mysql-test/mysql-test-run.pl	2009-07-04 00:03:34.000000000 +0200
-@@ -3588,6 +3588,11 @@ sub mysql_install_db {
+@@ -3602,6 +3602,11 @@ sub mysql_install_db {
      mtr_appendfile_to_file("$sql_dir/mysql_system_tables_data.sql",
  			   $bootstrap_sql_file);
  
diff --git a/debian/patches/scripts__mysqld_safe.sh__signals.patch b/debian/patches/scripts__mysqld_safe.sh__signals.patch
index d9172a1..ff66f05 100644
--- a/debian/patches/scripts__mysqld_safe.sh__signals.patch
+++ b/debian/patches/scripts__mysqld_safe.sh__signals.patch
@@ -6,7 +6,7 @@
 
 --- a/scripts/mysqld_safe.sh	2013-01-11 16:02:41 +0000
 +++ b/scripts/mysqld_safe.sh	2013-01-11 16:03:14 +0000
-@@ -32,7 +32,6 @@ err_log=
+@@ -33,7 +33,6 @@ err_log=
  syslog_tag_mysqld=mysqld
  syslog_tag_mysqld_safe=mysqld_safe
  
@@ -14,7 +14,7 @@
  
  # MySQL-specific environment variable. First off, it's not really a umask,
  # it's the desired mode. Second, it follows umask(2), not umask(3) in that
-@@ -163,7 +162,7 @@ eval_log_error () {
+@@ -164,7 +163,7 @@ eval_log_error () {
        # sed buffers output (only GNU sed supports a -u (unbuffered) option)
        # which means that messages may not get sent to syslog until the
        # mysqld process quits.
@@ -23,7 +23,7 @@
        ;;
      *)
        echo "Internal program error (non-fatal):" \
-@@ -795,6 +794,13 @@ then
+@@ -806,6 +805,13 @@ then
  fi
  
  #
diff --git a/debian/po/cs.po b/debian/po/cs.po
index 5183fea..9453776 100644
--- a/debian/po/cs.po
+++ b/debian/po/cs.po
@@ -1,16 +1,16 @@
-# 
-#    Translators, if you are not familiar with the PO format, gettext
-#    documentation is worth reading, especially sections dedicated to
-#    this format, e.g. by running:
-#         info -n '(gettext)PO Files'
-#         info -n '(gettext)Header Entry'
-# 
-#    Some information specific to po-debconf are available at
-#            /usr/share/doc/po-debconf/README-trans
-#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
-# 
-#    Developers do not need to manually edit POT or PO files.
-# 
+# 
+#    Translators, if you are not familiar with the PO format, gettext
+#    documentation is worth reading, especially sections dedicated to
+#    this format, e.g. by running:
+#         info -n '(gettext)PO Files'
+#         info -n '(gettext)Header Entry'
+# 
+#    Some information specific to po-debconf are available at
+#            /usr/share/doc/po-debconf/README-trans
+#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
+# 
+#    Developers do not need to manually edit POT or PO files.
+# 
 msgid ""
 msgstr ""
 "Project-Id-Version: mariadb-10.0\n"
diff --git a/debian/po/it.po b/debian/po/it.po
index b02695b..1b22dbc 100644
--- a/debian/po/it.po
+++ b/debian/po/it.po
@@ -1,7 +1,7 @@
-# Italian (it) translation of debconf templates for mariadb-10.0
-# This file is distributed under the same license as the mariadb-10.0 package.
-# Luca Monducci <luca.mo@tiscali.it>, 2006-2014.
-# 
+# Italian (it) translation of debconf templates for mariadb-10.0
+# This file is distributed under the same license as the mariadb-10.0 package.
+# Luca Monducci <luca.mo@tiscali.it>, 2006-2014.
+# 
 msgid ""
 msgstr ""
 "Project-Id-Version: mariadb-10.0 10.0.13 italian debconf templates\n"
diff --git a/debian/po/nl.po b/debian/po/nl.po
index effe655..c733ef0 100644
--- a/debian/po/nl.po
+++ b/debian/po/nl.po
@@ -1,9 +1,9 @@
-# Dutch mariadb-10.0 po-debconf translation,
-# Copyright (C) 2006 THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the mariadb-10.0 package.
-# Vincent Zweije <zweije@xs4all.nl>, 2006.
-# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014.
-# 
+# Dutch mariadb-10.0 po-debconf translation,
+# Copyright (C) 2006 THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the mariadb-10.0 package.
+# Vincent Zweije <zweije@xs4all.nl>, 2006.
+# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014.
+# 
 msgid ""
 msgstr ""
 "Project-Id-Version: mysql-dfsg-5.1 5.0.30-1\n"
diff --git a/debian/po/pt.po b/debian/po/pt.po
index 3afce95..268a35f 100644
--- a/debian/po/pt.po
+++ b/debian/po/pt.po
@@ -1,8 +1,8 @@
-# Portuguese translation for mysql-dfsg-5.1's debconf messages
-# Copyright (C) 2006 Miguel Figueiredo <elmig@debianpt.org>
-# This file is distributed under the same license as the mysql-dfsg-5.1 package.
-# Miguel Figueiredo <elmig@debianpt.org>, 2014
-# 
+# Portuguese translation for mysql-dfsg-5.1's debconf messages
+# Copyright (C) 2006 Miguel Figueiredo <elmig@debianpt.org>
+# This file is distributed under the same license as the mysql-dfsg-5.1 package.
+# Miguel Figueiredo <elmig@debianpt.org>, 2014
+# 
 msgid ""
 msgstr ""
 "Project-Id-Version: mysql-dfsg-5.1\n"