diff -Nru passenger-5.0.30/debian/changelog passenger-5.0.30/debian/changelog
--- passenger-5.0.30/debian/changelog	2016-08-21 10:24:14.000000000 -0700
+++ passenger-5.0.30/debian/changelog	2019-03-10 15:36:59.000000000 -0700
@@ -1,3 +1,10 @@
+passenger (5.0.30-1+nmu1~001) UNRELEASED; urgency=medium
+
+  * Added patch from https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
+    to address CVE-2017-16355.
+
+ -- Martin Chase <outofculture@gmail.com>  Sun, 10 Mar 2019 15:36:59 -0700
+
 passenger (5.0.30-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru passenger-5.0.30/debian/control passenger-5.0.30/debian/control
--- passenger-5.0.30/debian/control	2016-04-06 12:11:12.000000000 -0700
+++ passenger-5.0.30/debian/control	2019-03-10 14:15:16.000000000 -0700
@@ -2,8 +2,7 @@
 Section: ruby
 Priority: optional
 Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
-Uploaders: Micah Anderson <micah@debian.org>,
-           Felix Geyer <fgeyer@debian.org>
+Uploaders: Micah Anderson <micah@debian.org>
 Build-Depends: apache2 (>= 2.4),
                apache2-dev (>= 2.4),
                asciidoc (>= 8.2),
diff -Nru passenger-5.0.30/debian/patches/CVE-2017-16355 passenger-5.0.30/debian/patches/CVE-2017-16355
--- passenger-5.0.30/debian/patches/CVE-2017-16355	1969-12-31 16:00:00.000000000 -0800
+++ passenger-5.0.30/debian/patches/CVE-2017-16355	2019-03-10 15:33:41.000000000 -0700
@@ -0,0 +1,34 @@
+commit 4043718264095cde6623c2cbe8c644541036d7bf
+Author: Daniel Knoppel (Phusion) <daniel@phusion.nl>
+Date:   Wed Oct 11 15:55:07 2017 +0200
+
+    Disable unused feature.
+
+diff --git a/src/agent/Core/SpawningKit/Spawner.h b/src/agent/Core/SpawningKit/Spawner.h
+index e65034ae9..99dedb852 100644
+--- a/src/agent/Core/SpawningKit/Spawner.h
++++ b/src/agent/Core/SpawningKit/Spawner.h
+@@ -721,7 +721,6 @@ protected:
+ 		prepareChroot(info, options);
+ 		info.userSwitching = prepareUserSwitching(options);
+ 		prepareSwitchingWorkingDirectory(info, options);
+-		inferApplicationInfo(info);
+ 		return info;
+ 	}
+ 
+@@ -775,6 +774,7 @@ protected:
+ 		assert(info.appRootPathsInsideChroot.back() == info.appRootInsideChroot);
+ 	}
+ 
++#ifdef false
+ 	void inferApplicationInfo(SpawnPreparationInfo &info) const {
+ 		info.codeRevision = readFromRevisionFile(info);
+ 		if (info.codeRevision.empty()) {
+@@ -817,6 +817,7 @@ protected:
+ 			return string();
+ 		}
+ 	}
++#endif
+ 
+ 	bool shouldLoadShellEnvvars(const Options &options, const SpawnPreparationInfo &preparation) const {
+ 		if (options.loadShellEnvvars) {
diff -Nru passenger-5.0.30/debian/patches/series passenger-5.0.30/debian/patches/series
--- passenger-5.0.30/debian/patches/series	2016-04-06 12:35:40.000000000 -0700
+++ passenger-5.0.30/debian/patches/series	2019-03-10 15:34:11.000000000 -0700
@@ -1,3 +1,4 @@
 fix_install_path.patch
 bin_load_path.patch
 nodejs_bin_name.patch
+CVE-2017-16355