diff -Nru lua5.4-5.4.4/debian/changelog lua5.4-5.4.4/debian/changelog
--- lua5.4-5.4.4/debian/changelog	2022-04-30 04:38:29.000000000 +0000
+++ lua5.4-5.4.4/debian/changelog	2022-07-17 11:56:01.000000000 +0000
@@ -1,7 +1,15 @@
+lua5.4 (5.4.4-3) unstable; urgency=medium
+
+  * Add a patch from upstream which fixes CVE-2022-33099, double free
+    in a situation when error occurs while handling an error
+    (closes: #1014935).
+
+ -- Sergei Golovan <sgolovan@debian.org>  Sun, 17 Jul 2022 14:56:01 +0300
+
 lua5.4 (5.4.4-2) unstable; urgency=medium
 
   * Add a patch from upstream which fixes CVE-2022-28805, segmentation fault
-    due to a heap overflow when parsing ENV with <const> (closes: 1010265).
+    due to a heap overflow when parsing ENV with <const> (closes: #1010265).
 
  -- Sergei Golovan <sgolovan@debian.org>  Sat, 30 Apr 2022 07:38:29 +0300
 
diff -Nru lua5.4-5.4.4/debian/patches/0005-cve-2022-33099.patch lua5.4-5.4.4/debian/patches/0005-cve-2022-33099.patch
--- lua5.4-5.4.4/debian/patches/0005-cve-2022-33099.patch	1970-01-01 00:00:00.000000000 +0000
+++ lua5.4-5.4.4/debian/patches/0005-cve-2022-33099.patch	2022-07-17 11:56:01.000000000 +0000
@@ -0,0 +1,49 @@
+From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
+Date: Fri, 20 May 2022 13:14:33 -0300
+Subject: [PATCH] Save stack space while handling errors
+ Because error handling (luaG_errormsg) uses slots from EXTRA_STACK,
+ and some errors can recur (e.g., string overflow while creating an
+ error message in 'luaG_runerror', or a C-stack overflow before calling
+ the message handler), the code should use stack slots with parsimony.
+ This commit fixes the bug "Lua-stack overflow when C stack overflows
+ while handling an error".
+ Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014935
+
+--- a/src/ldebug.c
++++ b/src/ldebug.c
+@@ -824,8 +824,11 @@
+   va_start(argp, fmt);
+   msg = luaO_pushvfstring(L, fmt, argp);  /* format message */
+   va_end(argp);
+-  if (isLua(ci))  /* if Lua function, add source:line information */
++  if (isLua(ci)) {  /* if Lua function, add source:line information */
+     luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
++    setobjs2s(L, L->top - 2, L->top - 1);  /* remove 'msg' from the stack */
++    L->top--;
++  }
+   luaG_errormsg(L);
+ }
+ 
+--- a/src/lvm.c
++++ b/src/lvm.c
+@@ -656,8 +656,10 @@
+       /* collect total length and number of strings */
+       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
+         size_t l = vslen(s2v(top - n - 1));
+-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
++        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
++          L->top = top - total;  /* pop strings to avoid wasting stack */
+           luaG_runerror(L, "string length overflow");
++        }
+         tl += l;
+       }
+       if (tl <= LUAI_MAXSHORTLEN) {  /* is result a short string? */
+@@ -672,7 +674,7 @@
+       setsvalue2s(L, top - n, ts);  /* create result */
+     }
+     total -= n-1;  /* got 'n' strings to create 1 new */
+-    L->top -= n-1;  /* popped 'n' strings and pushed one */
++    L->top = top - (n - 1);  /* popped 'n' strings and pushed one */
+   } while (total > 1);  /* repeat until only 1 result left */
+ }
+ 
diff -Nru lua5.4-5.4.4/debian/patches/series lua5.4-5.4.4/debian/patches/series
--- lua5.4-5.4.4/debian/patches/series	2022-04-30 04:38:29.000000000 +0000
+++ lua5.4-5.4.4/debian/patches/series	2022-07-17 11:56:01.000000000 +0000
@@ -2,3 +2,4 @@
 0002-lua-modules-paths.patch
 0003-extern_C.patch
 0004-cve-2022-28805.patch
+0005-cve-2022-33099.patch