diff -Nru tar-1.34+dfsg/debian/changelog tar-1.34+dfsg/debian/changelog
--- tar-1.34+dfsg/debian/changelog 2023-02-15 15:45:50.000000000 +0000
+++ tar-1.34+dfsg/debian/changelog 2023-12-05 05:15:51.000000000 +0000
@@ -1,3 +1,12 @@
+tar (1.34+dfsg-1ubuntu0.1.22.04.2) jammy-security; urgency=medium
+
+ * SECURITY UPDATE: stack overflow via crafted xattr (LP: #2029464)
+ - debian/patches/CVE-2023-39804.patch: allocate xattr keys and values
+ on the heap rather than the stack in src/xheader.c
+ - CVE-2023-39804
+
+ -- Alex Murray Tue, 05 Dec 2023 15:45:51 +1030
+
 tar (1.34+dfsg-1ubuntu0.1.22.04.1) jammy-security; urgency=medium
 
 * SECURITY UPDATE: one-byte out of bounds
diff -Nru tar-1.34+dfsg/debian/patches/CVE-2023-39804.patch tar-1.34+dfsg/debian/patches/CVE-2023-39804.patch
--- tar-1.34+dfsg/debian/patches/CVE-2023-39804.patch 1970-01-01 00:00:00.000000000 +0000
+++ tar-1.34+dfsg/debian/patches/CVE-2023-39804.patch 2023-12-05 05:15:21.000000000 +0000
@@ -0,0 +1,56 @@
+Backport of the following upstream patch:
+From a339f05cd269013fa133d2f148d73f6f7d4247e4 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff
+Date: Sat, 28 Aug 2021 16:02:12 +0300
+Subject: Fix handling of extended header prefixes
+
+* src/xheader.c (locate_handler): Recognize prefix keywords only
+when followed by a dot.
+(xattr_decoder): Use xmalloc/xstrdup instead of alloc
+---
+ src/xheader.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+--- a/src/xheader.c
++++ b/src/xheader.c
+@@ -638,11 +638,11 @@
+ locate_handler (char const *keyword)
+ {
+ struct xhdr_tab const *p;
+-
+ for (p = xhdr_tab; p->keyword; p++)
+ if (p->prefix)
+ {
+- if (strncmp (p->keyword, keyword, strlen(p->keyword)) == 0)
++ size_t kwlen = strlen (p->keyword);
++ if (keyword[kwlen] == '.' && strncmp (p->keyword, keyword, kwlen) == 0)
+ return p;
+ }
+ else
+@@ -1717,19 +1717,20 @@
+ char const *keyword, char const *arg, size_t size)
+ {
+ char *xstr, *xkey;
+-
++
+ /* copy keyword */
+- size_t klen_raw = strlen (keyword);
+- xkey = alloca (klen_raw + 1);
+- memcpy (xkey, keyword, klen_raw + 1) /* including null-terminating */;
++ xkey = xstrdup (keyword);
+
+ /* copy value */
+- xstr = alloca (size + 1);
++ xstr = xmalloc (size + 1);
+ memcpy (xstr, arg, size + 1); /* separator included, for GNU tar '\n' */;
+
+ xattr_decode_keyword (xkey);
+
+- xheader_xattr_add (st, xkey + strlen("SCHILY.xattr."), xstr, size);
++ xheader_xattr_add (st, xkey + strlen ("SCHILY.xattr."), xstr, size);
++
++ free (xkey);
++ free (xstr);
+ }
+
+ static void
diff -Nru tar-1.34+dfsg/debian/patches/series tar-1.34+dfsg/debian/patches/series
--- tar-1.34+dfsg/debian/patches/series 2023-02-15 15:45:33.000000000 +0000
+++ tar-1.34+dfsg/debian/patches/series 2023-12-05 05:15:21.000000000 +0000
@@ -4,3 +4,4 @@
 oldgnu-unknown-mode-bits.patch
 proper_it_translation.patch
 CVE-2022-48303.patch
+CVE-2023-39804.patch
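Review bot: In the backported `locate_handler` hunk of CVE-2023-39804.patch, the new condition reads `keyword[kwlen]` before `strncmp` has established that `keyword` is at least `kwlen` bytes long, so a keyword shorter than a prefix entry is indexed past its terminating NUL. The keyword presumably comes from an archive's extended header, so this would be an out-of-bounds read on untrusted input. Swapping the operands keeps the dot check and makes the index safe, since a zero `strncmp` result guarantees `kwlen` non-NUL bytes: `if (strncmp (p->keyword, keyword, kwlen) == 0 && keyword[kwlen] == '.')`. In the `xattr_decoder` hunk, the added `free (xkey); free (xstr);` is only correct if `xheader_xattr_add` copies both buffers, which is not visible here and is worth confirming against the 1.34 sources. Both functions start and end outside the quoted hunks.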