TL;DR: If you enabled -sandbox in your Bionic qemu, please test the PPA 
There is a CVE  which we fixed in Cosmic , but are unsure to backport to Bionic.
Reasons for that are:
- there is some regression risk associated which we want to minimize
- the sandbox feature it fixes is not enabled by default on Bionic (it is in Cosmic)
Per discussion between me and the security Team there are two things gating the backport of this to Bionic.
1. We'd want to know if anybody actually enables -sandbox explicitly in Bionic?
2. if so, it would be great if one of those with a real case could do a verification based on the ppa 
In case there is no feedback here (this poll might work, but no reply doesn't mean too much) we likely will wait until Cosmic is released for quite a while. That will implicitly test the -sandbox feature including the fix.