diff -Nru lua5.3-5.3.3/debian/changelog lua5.3-5.3.3/debian/changelog
--- lua5.3-5.3.3/debian/changelog	2018-12-29 04:10:13.000000000 +0900
+++ lua5.3-5.3.3/debian/changelog	2021-07-01 22:43:24.000000000 +0900
@@ -1,3 +1,11 @@
+lua5.3 (5.3.3-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add patch to fix negation overflow in getlocal/setlocal
+   (CVE-2020-24370) (Closes: #988734)
+
+ -- Kentaro Hayashi <kenhys@xdump.org>  Thu, 01 Jul 2021 22:43:24 +0900
+
 lua5.3 (5.3.3-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru lua5.3-5.3.3/debian/patches/0005-Fixed-bug-Negation-overflow.patch lua5.3-5.3.3/debian/patches/0005-Fixed-bug-Negation-overflow.patch
--- lua5.3-5.3.3/debian/patches/0005-Fixed-bug-Negation-overflow.patch	1970-01-01 09:00:00.000000000 +0900
+++ lua5.3-5.3.3/debian/patches/0005-Fixed-bug-Negation-overflow.patch	2021-07-01 22:43:24.000000000 +0900
@@ -0,0 +1,36 @@
+From b5bc89846721375fe30772eb8c5ab2786f362bf9 Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
+Date: Mon, 3 Aug 2020 16:25:28 -0300
+Subject: [PATCH] Fixed bug: Negation overflow in getlocal/setlocal
+
+---
+ ldebug.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/ldebug.c b/ldebug.c
+index e1389296e..bb0e1d4ac 100644
+--- a/src/ldebug.c
++++ b/src/ldebug.c
+@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p, int uv) {
+ 
+ static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
+   int nparams = clLvalue(ci->func)->p->numparams;
+-  if (n >= cast_int(ci->u.l.base - ci->func) - nparams)
++  int nvararg = cast_int(ci->u.l.base - ci->func) - nparams;
++  if (n <= -nvararg)
+     return NULL;  /* no such vararg */
+   else {
+-    *pos = ci->func + nparams + n;
++    *pos = ci->func + nparams - n;
+     return "(*vararg)";  /* generic name for any vararg */
+   }
+ }
+@@ -148,7 +149,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n,
+   StkId base;
+   if (isLua(ci)) {
+     if (n < 0)  /* access to vararg values? */
+-      return findvararg(ci, -n, pos);
++      return findvararg(ci, n, pos);
+     else {
+       base = ci->u.l.base;
+       name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));
diff -Nru lua5.3-5.3.3/debian/patches/series lua5.3-5.3.3/debian/patches/series
--- lua5.3-5.3.3/debian/patches/series	2018-12-01 12:39:23.000000000 +0900
+++ lua5.3-5.3.3/debian/patches/series	2021-07-01 22:41:20.000000000 +0900
@@ -2,3 +2,4 @@
 0002-lua-modules-paths.patch
 0003-extern_C.patch
 0004-Fix-invalid-pointer-conversions.patch
+0005-Fixed-bug-Negation-overflow.patch