diff -Nru icu-67.1/debian/changelog icu-67.1/debian/changelog
--- icu-67.1/debian/changelog 2021-03-22 16:31:21.000000000 -0500
+++ icu-67.1/debian/changelog 2021-08-12 12:41:32.000000000 -0500
@@ -1,3 +1,18 @@
+icu (67.1-7ubuntu1) impish; urgency=high
+
+ * Merge from Debian unstable (LP: #1939728). Remaining changes:
+ - update-tz-tests.patch. This fixes a test failure caused by Ubuntu's
+ tzdata bundling icu-data, while Debian's does not
+
+ -- William 'jawn-smith' Wilson Thu, 12 Aug 2021 12:39:01 -0600
+
+icu (67.1-7) unstable; urgency=high
+
+ * Backport upstream security fix for CVE-2021-30535: crash caused by locale
+ assign/move operators.
+
+ -- Laszlo Boszormenyi (GCS) Wed, 30 Jun 2021 18:07:32 +0200
+
 icu (67.1-6ubuntu2) hirsute; urgency=medium
 
 * No-change rebuild.
@@ -1244,3 +1259,4 @@
 * Initial Release.
 
 -- Yves Arrouye Tue, 24 Oct 2000 16:14:12 -0700
+
diff -Nru icu-67.1/debian/patches/locid_operators.patch icu-67.1/debian/patches/locid_operators.patch
--- icu-67.1/debian/patches/locid_operators.patch 1969-12-31 18:00:00.000000000 -0600
+++ icu-67.1/debian/patches/locid_operators.patch 2021-04-21 08:42:38.000000000 -0500
@@ -0,0 +1,41 @@
+diff --git a/patches/locid_operators.patch b/patches/locid_operators.patch
+new file mode 100644
+index 0000000..7428558
+--- /dev/null
++++ b/patches/locid_operators.patch
+@@ -0,0 +1,35 @@
++diff --git a/source/common/locid.cpp b/source/common/locid.cpp
++index 0d506293..4743db53 100644
++--- a/source/common/locid.cpp
+++++ b/source/common/locid.cpp
++@@ -469,14 +469,18 @@ Locale& Locale::operator=(Locale&& other) U_NOEXCEPT {
++ if ((baseName != fullName) && (baseName != fullNameBuffer)) uprv_free(baseName);
++ if (fullName != fullNameBuffer) uprv_free(fullName);
++
++- if (other.fullName == other.fullNameBuffer) {
+++ if (other.fullName == other.fullNameBuffer || other.baseName == other.fullNameBuffer) {
++ uprv_strcpy(fullNameBuffer, other.fullNameBuffer);
+++ }
+++ if (other.fullName == other.fullNameBuffer) {
++ fullName = fullNameBuffer;
++ } else {
++ fullName = other.fullName;
++ }
++
++- if (other.baseName == other.fullName) {
+++ if (other.baseName == other.fullNameBuffer) {
+++ baseName = fullNameBuffer;
+++ } else if (other.baseName == other.fullName) {
++ baseName = fullName;
++ } else {
++ baseName = other.baseName;
++@@ -2696,6 +2700,9 @@ Locale::setKeywordValue(const char* keywordName, const char* keywordValue, UErro
++ if (fullName != fullNameBuffer) {
++ // if full Name is already on the heap, need to free it.
++ uprv_free(fullName);
+++ if (baseName == fullName) {
+++ baseName = newFullName; // baseName should not point to freed memory.
+++ }
++ }
++ fullName = newFullName;
++ status = U_ZERO_ERROR;
diff -Nru icu-67.1/debian/patches/series icu-67.1/debian/patches/series
--- icu-67.1/debian/patches/series 2021-01-29 15:39:01.000000000 -0600
+++ icu-67.1/debian/patches/series 2021-08-12 12:16:04.000000000 -0500
@@ -6,3 +6,4 @@
 #flaky-tests.patch
 ICU-13786_Fix_addLikelySubtags_minimizeSubtags.patch
 update-tz-tests.patch
+locid_operators.patch
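Review bot: The file added as debian/patches/locid_operators.patch is not a patch to `source/common/locid.cpp`; its outer header (`diff --git a/patches/locid_operators.patch`, `new file mode 100644`, `--- /dev/null`) makes it a diff that creates `patches/locid_operators.patch`, with the real locid.cpp hunks one level deeper behind a second `+` column. Applied through the new `series` entry it would presumably just drop that file into the tree and leave `Locale::operator=(Locale&&)` and `Locale::setKeywordValue` unpatched, so the CVE-2021-30535 backport announced in the changelog may not reach the built library. The patch file should begin at `diff --git a/source/common/locid.cpp b/source/common/locid.cpp` with the wrapper lines and one `+` column removed, and the result can be checked by confirming that the unpacked source contains `baseName = newFullName; // baseName should not point to freed memory.` once the series is applied. Both inner hunks cut through function bodies that continue outside the visible lines.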