[CLSA-2025:1766666643] Fix of 7 CVEs
Type: security
Severity: Critical
Release date: 2026-01-26 11:52:13 UTC
Description:
  * SECURITY UPDATE: Lua cjson and cmsgpack integer overflow issues
    - debian/patches/CVE-2022-24834.patch: Fix integer overflows due to using wrong integer size in Lua libraries, add overflow checks and improve test coverage
    - CVE-2022-24834
  * SECURITY UPDATE: potential denial-of-service due to unbounded pattern matching
    - debian/patches/CVE-2024-31228.patch: Add nesting limit protection against abusive glob-style pattern matching to prevent DoS attacks
    - CVE-2024-31228
  * SECURITY UPDATE: Lua bit.tohex integer overflow
    - debian/patches/CVE-2024-31449.patch: Fix INT_MIN value handling in Lua bit.tohex function to prevent integer overflow
    - CVE-2024-31449
  * SECURITY UPDATE: out of bounds write in HyperLogLog commands
    - debian/patches/CVE-2025-32023.patch: Add proper validation checks to prevent out of bounds write in HyperLogLog sparse representation
    - CVE-2025-32023
  * SECURITY UPDATE: Lua script may lead to integer overflow and potential RCE
    - debian/patches/CVE-2025-46817.patch: Fix integer overflow in Lua table unpack and table access functions that could lead to remote code execution
    - CVE-2025-46817
  * SECURITY UPDATE: Lua out-of-bound read vulnerability
    - debian/patches/CVE-2025-46819.patch: Fix out-of-bound read in Lua lexer when parsing long string escape sequences
    - CVE-2025-46819
  * SECURITY UPDATE: Lua script may lead to remote code execution
    - debian/patches/CVE-2025-49844.patch: Fix improper handling of source name string in Lua parser to prevent remote code execution
    - CVE-2025-49844
Updated packages:
  • redis5_5.0.14-1~trixie+tuxcare.els2_all.deb
    sha:09115a2de2f30d7fdb1090de1778feab94289019
  • redis5-sentinel_5.0.14-1~trixie+tuxcare.els2_amd64.deb
    sha:2a367251a022663670014b0d82db8f78ad3a1dda
  • redis5-server_5.0.14-1~trixie+tuxcare.els2_amd64.deb
    sha:1c7d7e1649ed13ab8fb329458497082fa71ff914
  • redis5-tools_5.0.14-1~trixie+tuxcare.els2_amd64.deb
    sha:d1e461c513c149a1c42365e637cfee739aad71b9
  • redis5_5.0.14-1~trixie+tuxcare.els2_all.deb
    sha:2b1a94362b5c5aa820fb8f6c2730ee08330afcbb
  • redis5-sentinel_5.0.14-1~trixie+tuxcare.els2_arm64.deb
    sha:9a7d0e175b7c1b1783e8312c6ee146a2c206eb9f
  • redis5-server_5.0.14-1~trixie+tuxcare.els2_arm64.deb
    sha:0812eba1da6d6a408179fa2b5c46c8d2c6855523
  • redis5-tools_5.0.14-1~trixie+tuxcare.els2_arm64.deb
    sha:3ffe94126430302746ff17fc7ac0853db5e613ed
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.