diff -pruN 4.2.1+~3.1.0-1/debian/changelog 4.2.1+~3.1.0-2/debian/changelog
--- 4.2.1+~3.1.0-1/debian/changelog	2022-08-30 04:28:16.000000000 +0000
+++ 4.2.1+~3.1.0-2/debian/changelog	2023-05-24 03:14:44.000000000 +0000
@@ -1,3 +1,11 @@
+node-socket.io-parser (4.2.1+~3.1.0-2) unstable; urgency=medium
+
+  * Team upload
+  * Declare compliance with policy 4.6.2
+  * Check the format of the event name (Closes: CVE-2023-32695)
+
+ -- Yadd <yadd@debian.org>  Wed, 24 May 2023 07:14:44 +0400
+
 node-socket.io-parser (4.2.1+~3.1.0-1) unstable; urgency=medium
 
   * Team upload
diff -pruN 4.2.1+~3.1.0-1/debian/control 4.2.1+~3.1.0-2/debian/control
--- 4.2.1+~3.1.0-1/debian/control	2022-08-30 04:28:16.000000000 +0000
+++ 4.2.1+~3.1.0-2/debian/control	2023-05-24 03:04:19.000000000 +0000
@@ -14,7 +14,7 @@ Build-Depends: debhelper-compat (= 13)
  , node-ms
  , node-should <!nocheck>
  , node-typescript
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
 Vcs-Browser: https://salsa.debian.org/js-team/node-socket.io-parser
 Vcs-Git: https://salsa.debian.org/js-team/node-socket.io-parser.git
 Homepage: https://github.com/socketio/socket.io-parser
diff -pruN 4.2.1+~3.1.0-1/debian/patches/CVE-2023-32695.patch 4.2.1+~3.1.0-2/debian/patches/CVE-2023-32695.patch
--- 4.2.1+~3.1.0-1/debian/patches/CVE-2023-32695.patch	1970-01-01 00:00:00.000000000 +0000
+++ 4.2.1+~3.1.0-2/debian/patches/CVE-2023-32695.patch	2023-05-24 03:12:03.000000000 +0000
@@ -0,0 +1,47 @@
+Description: check the format of the event name
+ A packet like '2[{"toString":"foo"}]' was decoded as:
+ .
+ {
+   type: EVENT,
+   data: [ { "toString": "foo" } ]
+ }
+ .
+ Which would then throw an error when passed to the EventEmitter class:
+ .
+ > TypeError: Cannot convert object to primitive value
+ >    at Socket.emit (node:events:507:25)
+ >    at .../node_modules/socket.io/lib/socket.js:531:14
+Origin: upstream, https://github.com/socketio/socket.io-parser/commit/3b78117b
+Author: Damien Arrachequesne <damien.arrachequesne@gmail.com>
+Bug: https://github.com/advisories/GHSA-cqmj-92xf-r6r9
+Forwarded: not-needed
+Applied-Upstream: 4.2.3, commit:3b78117b
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2023-05-24
+
+--- a/lib/index.ts
++++ b/lib/index.ts
+@@ -272,7 +272,10 @@
+         return typeof payload === "string" || typeof payload === "object";
+       case PacketType.EVENT:
+       case PacketType.BINARY_EVENT:
+-        return Array.isArray(payload) && payload.length > 0;
++        return (
++          Array.isArray(payload) &&
++          (typeof payload[0] === "string" || typeof payload[0] === "number")
++        );
+       case PacketType.ACK:
+       case PacketType.BINARY_ACK:
+         return Array.isArray(payload);
+--- a/test/parser.js
++++ b/test/parser.js
+@@ -142,6 +142,9 @@
+     isInvalidPayload("1/admin,{}");
+     isInvalidPayload('2/admin,"invalid');
+     isInvalidPayload("2/admin,{}");
++    isInvalidPayload('2[{"toString":"foo"}]');
++    isInvalidPayload('2[true,"foo"]');
++    isInvalidPayload('2[null,"bar"]');
+ 
+     expect(() => new Decoder().add("999")).to.throwException(
+       /^unknown packet type 9$/
diff -pruN 4.2.1+~3.1.0-1/debian/patches/series 4.2.1+~3.1.0-2/debian/patches/series
--- 4.2.1+~3.1.0-1/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ 4.2.1+~3.1.0-2/debian/patches/series	2023-05-24 03:09:21.000000000 +0000
@@ -0,0 +1 @@
+CVE-2023-32695.patch