diff -Nru lighttpd-1.4.65/debian/changelog lighttpd-1.4.65/debian/changelog
--- lighttpd-1.4.65/debian/changelog 2022-06-24 11:34:39.000000000 -0500
+++ lighttpd-1.4.65/debian/changelog 2023-02-16 20:35:58.000000000 -0600
@@ -1,3 +1,12 @@
+lighttpd (1.4.65-2ubuntu1.1) UNRELEASED; urgency=medium
+
+ * SECURITY UPDATE: Resource leak
+ - debian/patches/CVE-2022-41556.patch: Resource leak in gw_backend.c.
+ (LP: #1994989)
+ - CVE-2022-41556
+
+ -- Jack Fewx Thu, 16 Feb 2023 20:35:58 -0600
+
 lighttpd (1.4.65-2ubuntu1) kinetic; urgency=low
 * Merge from Debian unstable. Remaining changes:
diff -Nru lighttpd-1.4.65/debian/patches/CVE-2022-41556.patch lighttpd-1.4.65/debian/patches/CVE-2022-41556.patch
--- lighttpd-1.4.65/debian/patches/CVE-2022-41556.patch 1969-12-31 18:00:00.000000000 -0600
+++ lighttpd-1.4.65/debian/patches/CVE-2022-41556.patch 2023-02-16 20:35:58.000000000 -0600
@@ -0,0 +1,30 @@
+Description: Backport fix for CVE-2022-41556
+ 
From: Glenn Strauss
+ Date: Sun, 11 Sep 2022 22:31:34 -0400
+ Subject: [PATCH] [core] handle RDHUP when collecting chunked body
+
+ handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked
+ request body (and when not streaming request body to backend)
+
+
+Bug: https://github.com/lighttpd/lighttpd1.4/pull/115
+
+Reviewed-by: Jack Fewx
+Bug: https://nvd.nist.gov/vuln/detail/CVE-2022-41556
+Bug-Ubuntu: https://ubuntu.com/security/CVE-2022-41556
+Origin: upstream, https://github.com/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1994989
+
+---
+
+--- lighttpd-1.4.65.orig/src/gw_backend.c
++++ lighttpd-1.4.65/src/gw_backend.c
+@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_s
+ * and module is flagged to stream request body to backend) */
+ return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
+ ? http_response_reqbody_read_error(r, 411)
+- : HANDLER_WAIT_FOR_EVENT;
++ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
+ }
+
+ if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) {
diff -Nru lighttpd-1.4.65/debian/patches/series lighttpd-1.4.65/debian/patches/series
--- lighttpd-1.4.65/debian/patches/series 1969-12-31 18:00:00.000000000 -0600
+++ lighttpd-1.4.65/debian/patches/series 2023-02-16 20:35:58.000000000 -0600
@@ -0,0 +1 @@
+CVE-2022-41556.patch
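Review bot: The new else-branch on the `++` line of the gw_backend.c hunk nests a second `?:` inside the existing one without parentheses, so the expression reads as `A ? B : C ? D : E` and a reader must recall that the conditional operator is right-associative to see that `rc` is returned only when request-body streaming is off; `: (rc == HANDLER_GO_ON ? HANDLER_WAIT_FOR_EVENT : rc);` is the same expression with the grouping made explicit. The hunk also gives no hint where `rc` comes from or why a value other than `HANDLER_GO_ON` must now be propagated; presumably it is the result of the chunked request-body read done earlier in gw_handle_subrequest, whose body starts and ends outside the hunk, so confirm against the function. A one-line comment above the return, such as `/* propagate rc (e.g. error/finish once RDHUP is seen on the chunked body) instead of parking the request in WAIT_FOR_EVENT */`, would record the rationale the patch's Subject line gives and that the fix depends on. The packaging hunks (changelog, series) need nothing further.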