diff -Nru firejail-0.9.62/debian/changelog firejail-0.9.62/debian/changelog
--- firejail-0.9.62/debian/changelog 2020-01-20 18:53:34.000000000 +0000
+++ firejail-0.9.62/debian/changelog 2021-03-27 15:20:50.000000000 +0000
@@ -1,3 +1,12 @@
+firejail (0.9.62-3ubuntu0.1) focal-security; urgency=low
+
+ * SECURITY UPDATE: bypass of access restrictions (LP: #1916767)
+ - disable OverlayFS support which contains a TOCTOU race condition
+ between a stat operation and an OverlayFS mount.
+ - CVE-2021-26910
+
+ -- Reiner Herrmann Sat, 27 Mar 2021 15:20:50 +0000
+
 firejail (0.9.62-3) unstable; urgency=medium
 
 * Import upstream profile fixes:
diff -Nru firejail-0.9.62/debian/control firejail-0.9.62/debian/control
--- firejail-0.9.62/debian/control 2020-01-01 19:14:43.000000000 +0000
+++ firejail-0.9.62/debian/control 2021-03-27 15:18:59.000000000 +0000
@@ -1,7 +1,8 @@
 Source: firejail
 Section: utils
 Priority: optional
-Maintainer: Reiner Herrmann
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Reiner Herrmann
 Build-Depends: debhelper-compat (= 12), dh-apparmor, libapparmor-dev, pkg-config
 Standards-Version: 4.4.1
 Rules-Requires-Root: no
diff -Nru firejail-0.9.62/debian/patches/CVE-2021-26910.patch firejail-0.9.62/debian/patches/CVE-2021-26910.patch
--- firejail-0.9.62/debian/patches/CVE-2021-26910.patch 1970-01-01 00:00:00.000000000 +0000
+++ firejail-0.9.62/debian/patches/CVE-2021-26910.patch 2021-03-27 15:20:50.000000000 +0000
@@ -0,0 +1,32 @@
+Author: netblue30
+Description: disable overlayfs, which is broken on current kernel releases
+ and has security vulnerabilities (CVE-2021-26910)
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767
+
+Index: firejail-0.9.62/configure.ac
+===================================================================
+--- firejail-0.9.62.orig/configure.ac
++++ firejail-0.9.62/configure.ac
+@@ -52,13 +52,16 @@ AC_SUBST([EXTRA_CFLAGS])
+ AC_SUBST([EXTRA_LDFLAGS])
+ 
+ 
++# overlayfs features temporarely disabled pending fixes
+ HAVE_OVERLAYFS=""
+-AC_ARG_ENABLE([overlayfs],
+- AS_HELP_STRING([--disable-overlayfs], [disable overlayfs]))
+-AS_IF([test "x$enable_overlayfs" != "xno"], [
+- HAVE_OVERLAYFS="-DHAVE_OVERLAYFS"
+- AC_SUBST(HAVE_OVERLAYFS)
+-])
++AC_SUBST(HAVE_OVERLAYFS)
++#
++#AC_ARG_ENABLE([overlayfs],
++# AS_HELP_STRING([--disable-overlayfs], [disable overlayfs]))
++#AS_IF([test "x$enable_overlayfs" != "xno"], [
++# HAVE_OVERLAYFS="-DHAVE_OVERLAYFS"
++# AC_SUBST(HAVE_OVERLAYFS)
++#])
+ 
+ HAVE_FIRETUNNEL=""
+ AC_ARG_ENABLE([firetunnel],
diff -Nru firejail-0.9.62/debian/patches/series firejail-0.9.62/debian/patches/series
--- firejail-0.9.62/debian/patches/series 2020-01-20 17:59:35.000000000 +0000
+++ firejail-0.9.62/debian/patches/series 2021-03-27 15:12:56.000000000 +0000
@@ -5,3 +5,4 @@
 m4_check_compile_flag.patch
 fix-tests.patch
 profile-fixes.patch
+CVE-2021-26910.patch
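Review bot: The new comment at the top of the configure.ac hunk, `# overlayfs features temporarely disabled pending fixes`, misspells "temporarily" and gives no reason for the change, so a later maintainer reading configure.ac alone has no pointer to why the feature is off; suggest `# overlayfs support disabled: TOCTOU race between the stat check and the overlay mount (CVE-2021-26910, LP: #1916767); keep disabled until the upstream fix lands`. Commenting out the AC_ARG_ENABLE block also turns `--enable-overlayfs`/`--disable-overlayfs` into unrecognized options that configure only warns about, so a build passing `--enable-overlayfs` silently gets no overlay support; if that is the intent, an explicit `AC_MSG_NOTICE([overlayfs support is disabled (CVE-2021-26910)])` in place of the dead commented block states it plainly. The mitigation relies on `HAVE_OVERLAYFS` staying empty so that every overlay code path is compiled out, which this hunk cannot show; it is worth confirming that the runtime `--overlay` family of options is then rejected rather than silently accepted, since a silently ignored option would leave a user believing the sandbox filesystem is isolated when it is not.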