diff -Nru cjose-0.6.1+dfsg1/debian/changelog cjose-0.6.1+dfsg1/debian/changelog
--- cjose-0.6.1+dfsg1/debian/changelog	2021-11-25 10:35:17.000000000 +0000
+++ cjose-0.6.1+dfsg1/debian/changelog	2023-08-22 14:39:35.000000000 +0000
@@ -1,3 +1,12 @@
+cjose (0.6.1+dfsg1-3ubuntu1.1) jammy-security; urgency=medium
+
+  * SECURITY UPDATE: Use of a Broken Cryptographic Algorithm
+    - debian/patches/CVE-2023-37464.patch: use fixed authentication tag
+      length of 16 octets in AES GCM decryption.
+    - CVE-2023-37464
+
+ -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Tue, 22 Aug 2023 11:39:35 -0300
+
 cjose (0.6.1+dfsg1-3ubuntu1) jammy; urgency=medium
 
   * d/rules: Disable -Werror for deprecation warnings to fix
diff -Nru cjose-0.6.1+dfsg1/debian/patches/CVE-2023-37464.patch cjose-0.6.1+dfsg1/debian/patches/CVE-2023-37464.patch
--- cjose-0.6.1+dfsg1/debian/patches/CVE-2023-37464.patch	1970-01-01 00:00:00.000000000 +0000
+++ cjose-0.6.1+dfsg1/debian/patches/CVE-2023-37464.patch	2023-08-21 18:00:19.000000000 +0000
@@ -0,0 +1,109 @@
+From: Hans Zandbelt <hans.zandbelt@openidc.com>
+Date: Wed, 12 Jul 2023 10:52:45 +0200
+Subject: use fixed authentication tag length of 16 octets in AES GCM
+ decryption
+
+Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
+Origin: https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e
+Bug: https://github.com/cisco/cjose/issues/125
+Bug: https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-37464
+Bug-Debian: https://bugs.debian.org/1041423
+---
+ src/jwe.c        |  6 ++++++
+ test/check_jwe.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 64 insertions(+)
+
+diff --git a/src/jwe.c b/src/jwe.c
+index 822d408..3b7bf73 100644
+--- a/src/jwe.c
++++ b/src/jwe.c
+@@ -1225,6 +1225,12 @@ static bool _cjose_jwe_decrypt_dat_a256gcm(cjose_jwe_t *jwe, cjose_err *err)
+         goto _cjose_jwe_decrypt_dat_a256gcm_fail;
+     }
+ 
++    if (jwe->enc_auth_tag.raw_len != 16)
++    {
++        CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
++        goto _cjose_jwe_decrypt_dat_a256gcm_fail;
++    }
++
+     // set the expected GCM-mode authentication tag
+     if (EVP_CIPHER_CTX_ctrl(ctx, CJOSE_EVP_CTRL_GCM_SET_TAG, jwe->enc_auth_tag.raw_len, jwe->enc_auth_tag.raw) != 1)
+     {
+diff --git a/test/check_jwe.c b/test/check_jwe.c
+index 459dce1..43d258e 100644
+--- a/test/check_jwe.c
++++ b/test/check_jwe.c
+@@ -809,6 +809,63 @@ START_TEST(test_cjose_jwe_decrypt_aes)
+ }
+ END_TEST
+ 
++START_TEST(test_cjose_jwe_decrypt_aes_gcm)
++{
++    cjose_err err;
++
++    const char *key = JWK_OCT_32;
++    const char *plain1 = "Live long and prosper.";
++    char *compact1 = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.GpeKGEqd8KQ0v6JNea5aSA";
++    char *compact2 = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.Gp";
++
++    cjose_jwk_t *jwk = cjose_jwk_import(key, strlen(key), &err);
++    ck_assert_msg(NULL != jwk,
++                  "cjose_jwk_import failed: "
++                  "%s, file: %s, function: %s, line: %ld",
++                  err.message, err.file, err.function, err.line);
++
++    cjose_jwe_t *jwe1 = cjose_jwe_import(compact1, strlen(compact1), &err);
++    ck_assert_msg(NULL != jwe1,
++                  "cjose_jwe_import failed: "
++                  "%s, file: %s, function: %s, line: %ld",
++                  err.message, err.file, err.function, err.line);
++
++    uint8_t *plain2 = NULL;
++    size_t plain2_len = 0;
++    plain2 = cjose_jwe_decrypt(jwe1, jwk, &plain2_len, &err);
++    ck_assert_msg(NULL != plain2,
++                  "cjose_jwe_decrypt failed: "
++                  "%s, file: %s, function: %s, line: %ld",
++                  err.message, err.file, err.function, err.line);
++
++    ck_assert_msg(plain2_len == strlen(plain1),
++                  "length of decrypted plaintext does not match length of original, "
++                  "expected: %lu, found: %lu",
++                  strlen(plain1), plain2_len);
++    ck_assert_msg(strncmp(plain1, plain2, plain2_len) == 0, "decrypted plaintext does not match encrypted plaintext");
++
++    cjose_get_dealloc()(plain2);
++    cjose_jwe_release(jwe1);
++
++    cjose_jwe_t *jwe2 = cjose_jwe_import(compact2, strlen(compact2), &err);
++    ck_assert_msg(NULL != jwe2,
++                   "cjose_jwe_import failed: "
++                   "%s, file: %s, function: %s, line: %ld",
++                   err.message, err.file, err.function, err.line);
++
++    uint8_t *plain3 = NULL;
++    size_t plain3_len = 0;
++    plain3 = cjose_jwe_decrypt(jwe2, jwk, &plain3_len, &err);
++    ck_assert_msg(NULL == plain3,
++                   "cjose_jwe_decrypt succeeded where it should have failed: "
++                   "%s, file: %s, function: %s, line: %ld",
++                   err.message, err.file, err.function, err.line);
++
++    cjose_jwe_release(jwe2);
++    cjose_jwk_release(jwk);
++}
++END_TEST
++
+ START_TEST(test_cjose_jwe_decrypt_rsa)
+ {
+     struct cjose_jwe_decrypt_rsa
+@@ -1210,6 +1267,7 @@ Suite *cjose_jwe_suite()
+     tcase_add_test(tc_jwe, test_cjose_jwe_self_encrypt_self_decrypt_large);
+     tcase_add_test(tc_jwe, test_cjose_jwe_self_encrypt_self_decrypt_many);
+     tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_aes);
++    tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_aes_gcm);
+     tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_rsa);
+     tcase_add_test(tc_jwe, test_cjose_jwe_encrypt_with_bad_header);
+     tcase_add_test(tc_jwe, test_cjose_jwe_encrypt_with_bad_key);
diff -Nru cjose-0.6.1+dfsg1/debian/patches/series cjose-0.6.1+dfsg1/debian/patches/series
--- cjose-0.6.1+dfsg1/debian/patches/series	2021-10-12 08:35:42.000000000 +0000
+++ cjose-0.6.1+dfsg1/debian/patches/series	2023-08-21 18:00:19.000000000 +0000
@@ -1,2 +1,3 @@
 remove-platform-dir.patch
 fix-concatkdf-failures-on-big-endian-architectures.patch
+CVE-2023-37464.patch