diff -Nru iptables-1.8.7/debian/changelog iptables-1.8.7/debian/changelog
--- iptables-1.8.7/debian/changelog 2023-04-26 15:40:37.000000000 +0100
+++ iptables-1.8.7/debian/changelog 2024-01-15 18:56:21.000000000 +0000
@@ -1,3 +1,10 @@
+iptables (1.8.7-1ubuntu5.2) jammy; urgency=medium
+
+ * Apply upstream patch to fix a double free of
+ unrecognized base-chains. (LP: #2049318)
+
+ -- Sudip Mukherjee Mon, 15 Jan 2024 18:56:21 +0000
+
 iptables (1.8.7-1ubuntu5.1) jammy; urgency=medium

 * d/patches: 0001-libiptc-Fix-for-segfault-when-renaming-a-chain.patch
diff -Nru iptables-1.8.7/debian/patches/fix_doublefree.patch iptables-1.8.7/debian/patches/fix_doublefree.patch
--- iptables-1.8.7/debian/patches/fix_doublefree.patch 1970-01-01 01:00:00.000000000 +0100
+++ iptables-1.8.7/debian/patches/fix_doublefree.patch 2024-01-15 18:56:16.000000000 +0000
@@ -0,0 +1,19 @@
+Description: apply upstream patch to fix double free.
+Origin: upstream, https://git.netfilter.org/iptables/commit/?id=4318961230bce82958df82b57f1796143bf2f421
+Bug-Ubuntu: https://launchpad.net/bugs/2049318
+Last-Update: 2024-01-15
+---
+
+--- iptables-1.8.7.orig/iptables/nft-cache.c
++++ iptables-1.8.7/iptables/nft-cache.c
+@@ -271,9 +271,7 @@ static int nftnl_chain_list_cb(const str
+ goto out;
+ }
+
+- if (nft_cache_add_chain(h, t, c))
+- goto out;
+-
++ nft_cache_add_chain(h, t, c);
+ return MNL_CB_OK;
+ out:
+ nftnl_chain_free(c);
diff -Nru iptables-1.8.7/debian/patches/series iptables-1.8.7/debian/patches/series
--- iptables-1.8.7/debian/patches/series 2023-04-26 15:40:37.000000000 +0100
+++ iptables-1.8.7/debian/patches/series 2024-01-15 18:51:53.000000000 +0000
@@ -2,3 +2,4 @@
 9002-libxt_recent-Add-support-for-reap-option.patch
 9005-iptables-nft-fix-Z-option.patch
 0001-libiptc-Fix-for-segfault-when-renaming-a-chain.patch
+fix_doublefree.patch
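Review bot: In the nft-cache.c change carried by debian/patches/fix_doublefree.patch, the new `nft_cache_add_chain(h, t, c);` discards the return value without saying why, so a later reader could restore the `goto out` and bring the double free back. Going by the changelog entry, the callee presumably releases `c` itself when it fails; a comment above the call such as `/* nft_cache_add_chain() takes ownership of c, also on error; do not free it here */` would record that ownership rule. The callback now also returns `MNL_CB_OK` when the add fails, so it is worth confirming against the 1.8.7 source that every failure path in `nft_cache_add_chain()` really frees `c`; otherwise the double free is traded for a leak. `nftnl_chain_list_cb()` starts and ends outside the hunk.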