diff -Nru ruby-rmagick-4.2.3/debian/changelog ruby-rmagick-4.2.3/debian/changelog
--- ruby-rmagick-4.2.3/debian/changelog 2023-02-02 21:55:51.000000000 +0000
+++ ruby-rmagick-4.2.3/debian/changelog 2023-12-01 09:36:26.000000000 +0000
@@ -1,3 +1,12 @@
+ruby-rmagick (4.2.3-2ubuntu0.23.04.1) lunar-security; urgency=medium
+
+ * SECURITY UPDATE: memory leak causes exhaustion
+ - debian/patches/CVE-2023-5349.patch: fix memory leak in
+ ext/RMagick/rmdraw.c
+ - CVE-2023-5349
+
+ -- Sudhakar Verma Fri, 01 Dec 2023 15:06:26 +0530
+
 ruby-rmagick (4.2.3-2build4) lunar; urgency=medium
 
 * No-change upload to remove support for ruby3.0.
diff -Nru ruby-rmagick-4.2.3/debian/control ruby-rmagick-4.2.3/debian/control
--- ruby-rmagick-4.2.3/debian/control 2021-10-12 17:40:48.000000000 +0000
+++ ruby-rmagick-4.2.3/debian/control 2023-12-01 09:36:26.000000000 +0000
@@ -1,7 +1,8 @@
 Source: ruby-rmagick
 Section: ruby
 Priority: optional
-Maintainer: Debian Ruby Team
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian Ruby Team
 Uploaders: Lucas Kanashiro ,
 Marc Dequènes (Duck) ,
 Gunnar Wolf ,
diff -Nru ruby-rmagick-4.2.3/debian/patches/CVE-2023-5349.patch ruby-rmagick-4.2.3/debian/patches/CVE-2023-5349.patch
--- ruby-rmagick-4.2.3/debian/patches/CVE-2023-5349.patch 1970-01-01 00:00:00.000000000 +0000
+++ ruby-rmagick-4.2.3/debian/patches/CVE-2023-5349.patch 2023-12-01 09:36:26.000000000 +0000
@@ -0,0 +1,25 @@
+From: Watson
+Date: Sun, 16 Jul 2023 17:59:52 +0900
+Subject: CVE-2023-5349: Fix memory leak in `Magick::Draw`
+
+Remove unnecessary `GetDrawInfo()` calling
+
+origin: https://github.com/rmagick/rmagick/commit/da823515a13130010f74678dc48f8b08a70cbd14.patch
+bug-github: https://github.com/rmagick/rmagick/pull/1406/commits
+bug: https://github.com/rmagick/rmagick/issues/1401
+bug-debian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2023-5349
+---
+ ext/RMagick/rmdraw.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- ruby-rmagick-4.2.3.orig/ext/RMagick/rmdraw.c
++++ ruby-rmagick-4.2.3/ext/RMagick/rmdraw.c
+@@ -1390,8 +1390,6 @@ DrawOptions_initialize(VALUE self)
+ rb_raise(rb_eNoMemError, "not enough memory to continue");
+ }
+
+- GetDrawInfo(NULL, draw_options->info);
+-
+ if (rb_block_given_p())
+ {
+ if (rb_proc_arity(rb_block_proc()) == 0)
diff -Nru ruby-rmagick-4.2.3/debian/patches/series ruby-rmagick-4.2.3/debian/patches/series
--- ruby-rmagick-4.2.3/debian/patches/series 2021-10-12 17:40:48.000000000 +0000
+++ ruby-rmagick-4.2.3/debian/patches/series 2023-12-01 09:36:26.000000000 +0000
@@ -6,3 +6,4 @@
 0006-spec-skip-failing-tests.patch
 0007-spec_helper-drop-require_relative-to-lib-directory.patch
 0008-channel_mean_spec-fix-floating-point-comparison.patch
+CVE-2023-5349.patch
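Review bot: In debian/patches/CVE-2023-5349.patch, once `GetDrawInfo(NULL, draw_options->info);` is dropped from `DrawOptions_initialize`, the function depends entirely on the allocation above the hunk to return an already-initialized `DrawInfo`, and neither the patch header nor the call site says so. That allocation is outside the hunk (the function starts before it and continues after it), so this backport should be checked against the 4.2.3 source: if the allocator there only reserves memory, the removal would leave `draw_options->info` uninitialized rather than fix the leak. I would add a comment where the call used to be, for example `/* info is already initialized by its allocator; a second GetDrawInfo() overwrites it and leaks what it owns (CVE-2023-5349) */`, so the call is not reintroduced later. The patch also ships without a spec, so a regression in memory use on repeated `Magick::Draw` construction would presumably go unnoticed by the package's test run.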