diff -Nru libxmlb-0.1.15/debian/changelog libxmlb-0.1.15/debian/changelog
--- libxmlb-0.1.15/debian/changelog	2021-01-25 17:05:07.000000000 +0100
+++ libxmlb-0.1.15/debian/changelog	2022-09-07 11:42:21.000000000 +0200
@@ -1,3 +1,9 @@
+libxmlb (0.1.15-2ubuntu1~20.04.1ubuntu1) focal; urgency=high
+
+  * Fix double-free bug
+
+ -- Sergio Costas Rodriguez <sergio.costas@canonical.com>  Wed, 07 Sep 2022 11:42:21 +0200
+
 libxmlb (0.1.15-2ubuntu1~20.04.1) focal; urgency=medium
 
   * No-change backport from hirsute to focal
diff -Nru libxmlb-0.1.15/debian/control libxmlb-0.1.15/debian/control
--- libxmlb-0.1.15/debian/control	2021-01-25 17:01:47.000000000 +0100
+++ libxmlb-0.1.15/debian/control	2022-09-07 11:42:21.000000000 +0200
@@ -1,7 +1,8 @@
 Source: libxmlb
 Section: libs
 Priority: optional
-Maintainer: Debian EFI team <debian-efi@lists.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian EFI team <debian-efi@lists.debian.org>
 Uploaders: Steve McIntyre <93sam@debian.org>,
            Matthias Klumpp <mak@debian.org>,
            Mario Limonciello <mario.limonciello@dell.com>
diff -Nru libxmlb-0.1.15/debian/patches/fix-double-free-bug libxmlb-0.1.15/debian/patches/fix-double-free-bug
--- libxmlb-0.1.15/debian/patches/fix-double-free-bug	1970-01-01 01:00:00.000000000 +0100
+++ libxmlb-0.1.15/debian/patches/fix-double-free-bug	2022-09-07 11:42:21.000000000 +0200
@@ -0,0 +1,44 @@
+Description: Fix double-free bug
+ Under some circumstances, depending on the specific data feeded to
+ libxmlb, a memory block can be freed twice during the final tree
+ prune, when the nodes with less priority are removed.
+ .
+ libxmlb (0.1.15-2ubuntu1~20.04.1ubuntu1) focal; urgency=high
+ .
+   * Fix double-free bug
+Author: Sergio Costas Rodriguez <sergio.costas@canonical.com>
+Applied-Upstream: https://github.com/hughsie/libxmlb/pull/127
+Bug-Ubuntu: https://bugs.launchpad.net/snap-store-desktop/+bug/1988440
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: 2022-09-07
+
+--- libxmlb-0.1.15.orig/src/xb-builder.c
++++ libxmlb-0.1.15/src/xb-builder.c
+@@ -410,7 +410,7 @@ xb_builder_xml_lang_prio_cb (XbBuilderNo
+ 	for (guint i = 0; i < nodes->len; i++) {
+ 		XbBuilderNode *bn2 = g_ptr_array_index (nodes, i);
+ 		if (xb_builder_node_get_priority (bn2) < prio_best)
+-			g_ptr_array_add (nodes_to_destroy, bn2);
++			g_ptr_array_add (nodes_to_destroy, g_object_ref(bn2));
+ 
+ 		/* never visit this node again */
+ 		xb_builder_node_set_priority (bn2, -2);
+@@ -700,7 +700,7 @@ xb_builder_compile (XbBuilder *self, XbB
+ 	XbBuilderNodetabHelper nodetab_helper = {
+ 		.buf = NULL,
+ 	};
+-	g_autoptr(GPtrArray) nodes_to_destroy = g_ptr_array_new ();
++	g_autoptr(GPtrArray) nodes_to_destroy = g_ptr_array_new_with_free_func ((GDestroyNotify) g_object_unref);
+ 	g_autoptr(GTimer) timer = g_timer_new ();
+ 	g_autoptr(XbBuilderCompileHelper) helper = NULL;
+ 
diff -Nru libxmlb-0.1.15/debian/patches/series libxmlb-0.1.15/debian/patches/series
--- libxmlb-0.1.15/debian/patches/series	2021-01-25 17:01:47.000000000 +0100
+++ libxmlb-0.1.15/debian/patches/series	2022-09-07 11:42:21.000000000 +0200
@@ -1,2 +1,3 @@
 tests-Make-the-build-reproducible.patch
 xb-silo-Cancel-the-GFileMonitor-before-unreffing-it.patch
+fix-double-free-bug