diff --git a/debian/changelog b/debian/changelog
index bacfde88..5aa600b7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,49 @@
+mosquitto (1.5.6-1) unstable; urgency=medium
+
+ * SECURITY UPDATE: If Mosquitto is configured to use a password file for
+ authentication, any malformed data in the password file will be treated as
+ valid. This typically means that the malformed data becomes a username and
+ no password. If this occurs, clients can circumvent authentication and get
+ access to the broker by using the malformed username. In particular, a blank
+ line will be treated as a valid empty username. Other security measures are
+ unaffected. Users who have only used the mosquitto_passwd utility to create
+ and modify their password files are unaffected by this vulnerability.
+ - debian/patches/mosquitto-1.4.x-cve-2018-12551.patch: this fix introduces
+ more stringent parsing tests on the password file data.
+ - CVE-2018-12551
+ * SECURITY UPDATE: If an ACL file is empty, or has only blank lines or
+ comments, then mosquitto treats the ACL file as not being defined, which
+ means that no topic access is denied. Although denying access to all
+ topics is not a useful configuration, this behaviour is unexpected and
+ could lead to access being incorrectly granted in some circumstances.
+ - debian/patches/mosquitto-1.4.x-cve-2018-12550.patch: this fix ensures
+ that if an ACL file is defined but no rules are defined, then access will
+ be denied.
+ - CVE-2018-12550
+ * SECURITY UPDATE: If a client publishes a retained message to a topic that
+ they have access to, and then their access to that topic is revoked, the
+ retained message will still be delivered to future subscribers. This
+ behaviour may be undesirable in some applications, so a configuration
+ option `check_retain_source` has been introduced to enforce checking of
+ the retained message source on publish.
+ - debian/patches/mosquitto-1.4.8-cve-2018-12546.patch: this patch stores
+ the originator of the retained message, so security checking can be
+ carried out before re-publishing. The complexity of the patch is due to
+ the need to save this information across broker restarts.
+ - CVE-2018-12546
+ * New upstream release.
+ * Bump standards version to 4.3.0, no changes needed.
+ * fix-step3.patch: fix compilation error.
+
+ -- Roger A. Light Thu, 07 Feb 2019 16:00:52 +0000
+
+mosquitto (1.5.5-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Only chown mosquitto.log if it exists. (Closes: #916558)
+
+ -- Andreas Henriksson Sat, 22 Dec 2018 16:54:06 +0100
+
 mosquitto (1.5.5-1) unstable; urgency=medium
 
 * SECURITY UPDATE: If the option `per_listener_settings` was set to true,
diff --git a/debian/control b/debian/control
index ee22c145..a74f913d 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 11),
 pkg-config,
 uthash-dev,
 uuid-dev
-Standards-Version: 4.2.1
+Standards-Version: 4.3.0
 Homepage: https://mosquitto.org/
 Vcs-Git: https://github.com/eclipse/mosquitto
 Vcs-Browser: https://github.com/eclipse/mosquitto/tree/debian
diff --git a/debian/mosquitto.postinst b/debian/mosquitto.postinst
index 7cb5f7e3..90f4dabd 100644
--- a/debian/mosquitto.postinst
+++ b/debian/mosquitto.postinst
@@ -17,7 +17,8 @@ setup_mosquitto_user() {
 
 fix_permissions() {
 chown mosquitto /var/lib/mosquitto
- chown mosquitto /var/log/mosquitto /var/log/mosquitto/mosquitto.log
+ test ! -e /var/log/mosquitto || chown mosquitto /var/log/mosquitto
+ test ! -e /var/log/mosquitto/mosquitto.log || chown mosquitto /var/log/mosquitto/mosquitto.log
 }
 
 case "$1" in
diff --git a/debian/patches/fix-step3.patch b/debian/patches/fix-step3.patch
new file mode 100644
index 00000000..176e6513
--- /dev/null
+++ b/debian/patches/fix-step3.patch
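Review bot: Both new chown lines in fix_permissions follow symbolic links, and the `test -e` in front of them does too, so if /var/log/mosquitto/mosquitto.log is ever a symlink inside the directory that the preceding line hands to the mosquitto user, the root-run ownership change lands on the link target rather than on the log file. The file-level chown should not dereference: `test ! -e /var/log/mosquitto/mosquitto.log || chown -h mosquitto /var/log/mosquitto/mosquitto.log` (coreutils `-h` is a no-op on a regular file, so the fix for #916558 is unchanged). The first line of the function, `chown mosquitto /var/lib/mosquitto`, is left unguarded; if that directory can be absent in the same way the log file was, the same `test ! -e … ||` guard belongs there for consistency.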
@@ -0,0 +1,14 @@
+Description: Fix FTBFS
+Author: Roger Light
+Forwarded: yes
+--- a/src/bridge.c
++++ b/src/bridge.c
+@@ -228,7 +228,7 @@
+ {
+ int rc;
+ 
+- rc = net__socket_connect_step3(context, context->bridge->addresses[context->bridge->cur_address].address, context->bridge->addresses[context->bridge->cur_address].port, NULL, false);
++ rc = net__socket_connect_step3(context, context->bridge->addresses[context->bridge->cur_address].address);
+ if(rc > 0){
+ if(rc == MOSQ_ERR_TLS){
+ net__socket_close(db, context);
diff --git a/debian/patches/series b/debian/patches/series
index 380236d1..cef8669e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
+fix-step3.patch
 914525.patch
 debian-config.patch
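Review bot: `Description: Fix FTBFS` does not say what failed to build, and the hunk itself only shows the net__socket_connect_step3() call in src/bridge.c dropping its last three arguments (the port and two further values), so the header should record the cause, e.g. `Description: Fix FTBFS: update the net__socket_connect_step3() call in src/bridge.c to the two-argument form used by the 1.5.6 sources` — the signature change is not visible here and should be confirmed against the 1.5.6 tree before wording it that way. `Forwarded: yes` is given without a `Bug:`, `Origin:` or `Applied-Upstream:` field, so a later maintainer cannot tell from the header where the fix went or whether the next upstream release makes the patch droppable. The function being patched starts and ends outside the inner hunk; only its opening brace and `int rc;` are shown.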
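Review bot: After this change the series file lists only fix-step3.patch, 914525.patch and debian-config.patch, yet the 1.5.6-1 changelog entry in the same commit names debian/patches/mosquitto-1.4.x-cve-2018-12551.patch, mosquitto-1.4.x-cve-2018-12550.patch and mosquitto-1.4.8-cve-2018-12546.patch as carrying the three CVE fixes. If those fixes come with the 1.5.6 upstream sources rather than as Debian patches, as the `New upstream release` bullet suggests, the changelog sub-bullets pointing at patch files are misleading; if the patches are meant to be applied, they are missing from series. One or the other should be corrected so that the package's recorded CVE handling matches what is actually applied.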