diff -pruN 5:8.0.2-3/debian/changelog 5:8.0.2-3ubuntu0.25.10.1/debian/changelog
--- 5:8.0.2-3/debian/changelog	2025-07-14 16:47:32.000000000 +0000
+++ 5:8.0.2-3ubuntu0.25.10.1/debian/changelog	2025-10-13 19:20:17.000000000 +0000
@@ -1,3 +1,18 @@
+redis (5:8.0.2-3ubuntu0.25.10.1) questing-security; urgency=medium
+
+  * SECURITY UPDATE: remote code execution
+    - debian/patches/CVE-2025-49844.patch: protect TString on stack
+      during parsing to prevent use-after-free condition in lparser.c
+    - CVE-2025-49844
+
+ -- Sudhakar Verma <sudhakar.verma@canonical.com>  Tue, 14 Oct 2025 00:50:17 +0530
+
+redis (5:8.0.2-3build1) questing; urgency=medium
+
+  * Rebuild to include updated RISC-V base ISA RVA23
+
+ -- Heinrich Schuchardt <heinrich.schuchardt@canonical.com>  Thu, 28 Aug 2025 11:33:18 +0000
+
 redis (5:8.0.2-3) unstable; urgency=medium
 
   * Add a patch to re-add "Redis ver. $REDIS_VERSION" output to the LOLWUT
diff -pruN 5:8.0.2-3/debian/control 5:8.0.2-3ubuntu0.25.10.1/debian/control
--- 5:8.0.2-3/debian/control	2025-07-14 16:47:32.000000000 +0000
+++ 5:8.0.2-3ubuntu0.25.10.1/debian/control	2025-10-13 19:20:17.000000000 +0000
@@ -1,7 +1,8 @@
 Source: redis
 Section: database
 Priority: optional
-Maintainer: Chris Lamb <lamby@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Chris Lamb <lamby@debian.org>
 Build-Depends:
  debhelper-compat (= 13),
  libhiredis-dev,
diff -pruN 5:8.0.2-3/debian/patches/CVE-2025-49844.patch 5:8.0.2-3ubuntu0.25.10.1/debian/patches/CVE-2025-49844.patch
--- 5:8.0.2-3/debian/patches/CVE-2025-49844.patch	1970-01-01 00:00:00.000000000 +0000
+++ 5:8.0.2-3ubuntu0.25.10.1/debian/patches/CVE-2025-49844.patch	2025-10-13 19:18:24.000000000 +0000
@@ -0,0 +1,32 @@
+From d5728cb5795c966c5b5b1e0f0ac576a7e69af539 Mon Sep 17 00:00:00 2001
+From: Mincho Paskalev <minchopaskal@gmail.com>
+Date: Mon, 23 Jun 2025 11:41:37 +0300
+Subject: [PATCH] Lua script may lead to remote code execution (CVE-2025-49844)
+
+---
+ deps/lua/src/lparser.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+Index: redis-8.0.2/deps/lua/src/lparser.c
+===================================================================
+--- redis-8.0.2.orig/deps/lua/src/lparser.c
++++ redis-8.0.2/deps/lua/src/lparser.c
+@@ -384,13 +384,17 @@ Proto *luaY_parser (lua_State *L, ZIO *z
+   struct LexState lexstate;
+   struct FuncState funcstate;
+   lexstate.buff = buff;
+-  luaX_setinput(L, &lexstate, z, luaS_new(L, name));
++  TString *tname = luaS_new(L, name);
++  setsvalue2s(L, L->top, tname);
++  incr_top(L);
++  luaX_setinput(L, &lexstate, z, tname);
+   open_func(&lexstate, &funcstate);
+   funcstate.f->is_vararg = VARARG_ISVARARG;  /* main func. is always vararg */
+   luaX_next(&lexstate);  /* read first token */
+   chunk(&lexstate);
+   check(&lexstate, TK_EOS);
+   close_func(&lexstate);
++  --L->top;
+   lua_assert(funcstate.prev == NULL);
+   lua_assert(funcstate.f->nups == 0);
+   lua_assert(lexstate.fs == NULL);
diff -pruN 5:8.0.2-3/debian/patches/series 5:8.0.2-3ubuntu0.25.10.1/debian/patches/series
--- 5:8.0.2-3/debian/patches/series	2025-07-14 16:47:32.000000000 +0000
+++ 5:8.0.2-3ubuntu0.25.10.1/debian/patches/series	2025-10-13 19:18:14.000000000 +0000
@@ -6,3 +6,4 @@ debian-packaging/0001-Set-Debian-configu
 0005-CVE-2025-32023.patch
 0006-CVE-2025-48367.patch
 0007-Add-Redis-ver.-REDIS_VERSION-to-LOLWUT-8-output-as-a.patch
+CVE-2025-49844.patch