diff -Nru db5.3-5.3.28+dfsg1/debian/build_signature_amd64.txt db5.3-5.3.28+dfsg1/debian/build_signature_amd64.txt
--- db5.3-5.3.28+dfsg1/debian/build_signature_amd64.txt	2021-01-29 11:52:14.000000000 +0000
+++ db5.3-5.3.28+dfsg1/debian/build_signature_amd64.txt	2021-03-23 15:15:38.000000000 +0000
@@ -1 +1 @@
-7e5b311c
+6b2fefb9
diff -Nru db5.3-5.3.28+dfsg1/debian/changelog db5.3-5.3.28+dfsg1/debian/changelog
--- db5.3-5.3.28+dfsg1/debian/changelog	2021-02-05 17:02:54.000000000 +0000
+++ db5.3-5.3.28+dfsg1/debian/changelog	2021-03-23 15:15:50.000000000 +0000
@@ -1,3 +1,19 @@
+db5.3 (5.3.28+dfsg1-0.8ubuntu1) impish; urgency=low
+
+  * Merge from Debian unstable (LP: #1927978). Remaining changes:
+    - SECURITY UPDATE: Heap out-of-bounds read
+      - debian/patches/CVE-2019-8457.patch: enhance the rtreenode
+        function in lang/sql/sqlite/ext/rtree/rtree.c.
+      - CVE-2019-8457
+  * Removed patches obsoleted/merged by upstream:
+    - Fix FTBFS due to multiple definitions of progname, switch one of them
+      to glibc provided program_invocation_name.
+    - Test-suite sh_list segfaults when db5.3 built with gcc-10, switch to
+      gcc-9.
+    - Build everything with gcc-9.
+
+ -- Dave Jones <dave.jones@canonical.com>  Tue, 23 Mar 2021 15:15:50 +0000
+
 db5.3 (5.3.28+dfsg1-0.8) unstable; urgency=medium
 
   * Non-maintainer upload.
@@ -12,6 +28,36 @@
 
  -- Jochen Sprickerhof <jspricke@debian.org>  Fri, 29 Jan 2021 13:27:20 +0100
 
+db5.3 (5.3.28+dfsg1-0.6ubuntu4) hirsute; urgency=medium
+
+  * Build everything with gcc-9.
+
+ -- Matthias Klose <doko@ubuntu.com>  Mon, 22 Mar 2021 20:05:05 +0100
+
+db5.3 (5.3.28+dfsg1-0.6ubuntu3) groovy; urgency=medium
+
+  * Fix FTBFS due to multiple definitions of progname, switch one of them
+    to glibc provided program_invocation_name.
+  * Test-suite sh_list segfaults when db5.3 built with gcc-10, switch to
+    gcc-9.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 15 Sep 2020 16:07:12 +0100
+
+db5.3 (5.3.28+dfsg1-0.6ubuntu2) focal; urgency=medium
+
+  * No-change rebuild for libgcc-s1 package name change.
+
+ -- Matthias Klose <doko@ubuntu.com>  Sat, 21 Mar 2020 13:26:50 +0100
+
+db5.3 (5.3.28+dfsg1-0.6ubuntu1) eoan; urgency=medium
+
+  * SECURITY UPDATE: Heap out-of-bounds read
+    - debian/patches/CVE-2019-8457.patch: enhance the rtreenode
+      function in lang/sql/sqlite/ext/rtree/rtree.c.
+    - CVE-2019-8457
+
+ -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Fri, 31 May 2019 14:30:28 -0300
+
 db5.3 (5.3.28+dfsg1-0.6) unstable; urgency=medium
 
   * Non-maintainer upload.
@@ -641,3 +687,4 @@
     name "db".
 
  -- Clint Adams <schizo@debian.org>  Wed, 25 Jul 2007 20:37:51 +0700
+
diff -Nru db5.3-5.3.28+dfsg1/debian/control db5.3-5.3.28+dfsg1/debian/control
--- db5.3-5.3.28+dfsg1/debian/control	2021-01-23 18:28:22.000000000 +0000
+++ db5.3-5.3.28+dfsg1/debian/control	2021-03-23 15:15:50.000000000 +0000
@@ -1,7 +1,8 @@
 Source: db5.3
 Section: libs
 Priority: standard
-Maintainer: Debian Berkeley DB Team <team+bdb@tracker.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian Berkeley DB Team <team+bdb@tracker.debian.org>
 Uploaders: Ondřej Surý <ondrej@debian.org>
 Standards-Version: 3.9.6
 # For DEB_STAGE=stage1 build tcl-dev, javahelper, default-jdk can be dropped
diff -Nru db5.3-5.3.28+dfsg1/debian/patches/CVE-2019-8457.patch db5.3-5.3.28+dfsg1/debian/patches/CVE-2019-8457.patch
--- db5.3-5.3.28+dfsg1/debian/patches/CVE-2019-8457.patch	1970-01-01 01:00:00.000000000 +0100
+++ db5.3-5.3.28+dfsg1/debian/patches/CVE-2019-8457.patch	2019-05-31 18:30:28.000000000 +0100
@@ -0,0 +1,69 @@
+Description: Enhance the rtreenode function in order to avoid a heap out-of-bounds read
+Origin: https://www.sqlite.org/src/info/90acdbfce9c08858
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929775
+
+diff --git a/lang/sql/sqlite/ext/rtree/rtree.c b/lang/sql/sqlite/ext/rtree/rtree.c
+index ebf430a..f7795c5 100644
+--- a/lang/sql/sqlite/ext/rtree/rtree.c
++++ b/lang/sql/sqlite/ext/rtree/rtree.c
+@@ -3089,38 +3089,45 @@ static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
+   RtreeNode node;
+   Rtree tree;
+   int ii;
++  int nData;
++  int errCode;
++  sqlite3_str *pOut;
+ 
+   UNUSED_PARAMETER(nArg);
+   memset(&node, 0, sizeof(RtreeNode));
+   memset(&tree, 0, sizeof(Rtree));
+   tree.nDim = sqlite3_value_int(apArg[0]);
++  if( tree.nDim<1 || tree.nDim>5 ) return;
+   tree.nBytesPerCell = 8 + 8 * tree.nDim;
+   node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
++  nData = sqlite3_value_bytes(apArg[1]);
++  if( nData<4 ) return;
++  if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
+ 
++  pOut = sqlite3_str_new(0);
+   for(ii=0; ii<NCELL(&node); ii++){
+-    char zCell[512];
+-    int nCell = 0;
+     RtreeCell cell;
+     int jj;
+ 
+     nodeGetCell(&tree, &node, ii, &cell);
+-    sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
+-    nCell = strlen(zCell);
++    if( ii>0 ) sqlite3_str_append(pOut, " ", 1);
++    sqlite3_str_appendf(pOut, "{%lld", cell.iRowid);
+     for(jj=0; jj<tree.nDim*2; jj++){
+-      sqlite3_snprintf(512-nCell,&zCell[nCell]," %f",(double)cell.aCoord[jj].f);
+-      nCell = strlen(zCell);
++#ifndef SQLITE_RTREE_INT_ONLY
++      sqlite3_str_appendf(pOut, " %g", (double)cell.aCoord[jj].f);
++#else
++      sqlite3_str_appendf(pOut, " %d", cell.aCoord[jj].i);
++#endif
+     }
+ 
+-    if( zText ){
+-      char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
+-      sqlite3_free(zText);
+-      zText = zTextNew;
+-    }else{
+-      zText = sqlite3_mprintf("{%s}", zCell);
+-    }
++
++    sqlite3_str_append(pOut, "}", 1);
++
+   }
+-  
+-  sqlite3_result_text(ctx, zText, -1, sqlite3_free);
++  errCode = sqlite3_str_errcode(pOut);
++  sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
++  sqlite3_result_error_code(ctx, errCode);
++
+ }
+ 
+ static void rtreedepth(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
diff -Nru db5.3-5.3.28+dfsg1/debian/patches/series db5.3-5.3.28+dfsg1/debian/patches/series
--- db5.3-5.3.28+dfsg1/debian/patches/series	2021-02-05 17:01:29.000000000 +0000
+++ db5.3-5.3.28+dfsg1/debian/patches/series	2021-03-23 15:15:50.000000000 +0000
@@ -11,3 +11,4 @@
 010-__atomic_compare_exchange.patch
 0012-Don-t-expo-progname-symbol.patch
 0014-Use-one-object-for-shqueue.h-test.patch
+CVE-2019-8457.patch