diff --git a/debian/changelog b/debian/changelog
index 1dc66423cdaca74557165b4fc1bb9504df5d6d35..8a9142791e244d8d4f9fca58fdfd3e129233c2ed 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+glib2.0 (2.74.6-2+deb12u5+apertis1) apertis; urgency=medium
+
+  * Sync from debian/bookworm.
+  * Remaining Apertis specific changes:
+   - Inject -Wno-error=format-overflow -Wno-error=format-truncation in
+     debian/rules. In contrary to Debian, we use by default -Wformat-overflow=2
+     and -Wformat-truncation=2 in Apertis, but due to the use of -Werror this
+     package FTBFS with: "cc1: all warnings being treated as errors".
+     In order to avoid this error, we don't treat these warnings as errors.
+
+ -- Apertis CI <devel@lists.apertis.org>  Fri, 17 Jan 2025 10:55:22 +0000
+
+glib2.0 (2.74.6-2+deb12u5) bookworm; urgency=medium
+
+  * d/p/gsocks4aproxy-Fix-a-single-byte-buffer-overflow-in-connec.patch:
+    Fix a buffer overflow when configured to use a SOCKS4a proxy with a
+    very long username (CVE-2024-52533, Closes: #1087419)
+
+ -- Simon McVittie <smcv@debian.org>  Thu, 14 Nov 2024 09:42:34 +0000
+
 glib2.0 (2.74.6-2+deb12u4+apertis1) apertis; urgency=medium
 
   * Sync from debian/bookworm.
diff --git a/debian/patches/gsocks4aproxy-Fix-a-single-byte-buffer-overflow-in-connec.patch b/debian/patches/gsocks4aproxy-Fix-a-single-byte-buffer-overflow-in-connec.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5e4be5ce80e36a5ca8496cd4ea12daee02de50ee
--- /dev/null
+++ b/debian/patches/gsocks4aproxy-Fix-a-single-byte-buffer-overflow-in-connec.patch
@@ -0,0 +1,44 @@
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: gsocks4aproxy: Fix a single byte buffer overflow in connect messages
+
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+
+CVE-2024-52533
+
+Bug: https://gitlab.gnome.org/GNOME/glib/-/issues/3461
+Bug-Debian: https://bugs.debian.org/1087419
+Origin: upstream, 2.82.1, commit:ec0b708b981af77fef8e4bbb603cde4de4cd2e29
+---
+ gio/gsocks4aproxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118..b3146d0 100644
+--- a/gio/gsocks4aproxy.c
++++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- *    1    1      2              4           variable       1    variable
++ *    1    1      2              4           variable       1    variable    1
+  */
+-#define SOCKS4_CONN_MSG_LEN	    (9 + SOCKS4_MAX_LEN * 2)
++#define SOCKS4_CONN_MSG_LEN	    (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8      *msg,
+ 		 const gchar *hostname,
diff --git a/debian/patches/series b/debian/patches/series
index bc3465192220d442a11b64f3272fbe59bfe9bb64..f903721ff122f01d0af330bd008eaa6463610f28 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -43,3 +43,4 @@ CVE-2024-34397/tests-Ensure-that-unsubscribing-with-GetNameOwner-in-flig.patch
 CVE-2024-34397/gdbus-proxy-test-Wait-before-asserting-name-owner-has-gon.patch
 CVE-2024-34397/gdbusconnection-Allow-name-owners-to-have-the-syntax-of-a.patch
 gdbusmessage-Clean-the-cached-arg0-when-setting-the-messa.patch
+gsocks4aproxy-Fix-a-single-byte-buffer-overflow-in-connec.patch