diff --git a/debian/changelog b/debian/changelog
index bfa1192..6722ead 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libcpanel-json-xs-perl (4.39-1deepin1) unstable; urgency=medium
+
+  * Fix integer buffer overflow in json_atof_scan1 (CVE-2025-40929)
+
+ -- deepin-ci-robot <packages@deepin.org>  Mon, 27 Apr 2026 19:07:41 +0800
+
 libcpanel-json-xs-perl (4.39-1) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/cve_2025_40929.patch b/debian/patches/cve_2025_40929.patch
new file mode 100644
index 0000000..45fb677
--- /dev/null
+++ b/debian/patches/cve_2025_40929.patch
@@ -0,0 +1,33 @@
+Index: github-libcpanel-json-xs-perl-CVE-2025-40929/XS.xs
+===================================================================
+--- github-libcpanel-json-xs-perl-CVE-2025-40929.orig/XS.xs
++++ github-libcpanel-json-xs-perl-CVE-2025-40929/XS.xs
+@@ -710,16 +710,16 @@ json_atof_scan1 (const char *s, NV *accu
+   /* if we recurse too deep, skip all remaining digits */
+   /* to avoid a stack overflow attack */
+   if (UNLIKELY(--maxdepth <= 0))
+-    while (((U8)*s - '0') < 10)
++    while (*s >= '0' && *s <= '9')
+       ++s;
+ 
+   for (;;)
+     {
+-      U8 dig = (U8)*s - '0';
++      U8 dig = (U8)(*s - '0');
+ 
+       if (UNLIKELY(dig >= 10))
+         {
+-          if (dig == (U8)((U8)'.' - (U8)'0'))
++          if (dig == (U8)('.' - '0'))
+             {
+               ++s;
+               json_atof_scan1 (s, accum, expo, 1, maxdepth);
+@@ -739,7 +739,7 @@ json_atof_scan1 (const char *s, NV *accu
+               else if (*s == '+')
+                 ++s;
+ 
+-              while ((dig = (U8)*s - '0') < 10)
++              while (*s >= '0' && *s <= '9')
+                 exp2 = exp2 * 10 + *s++ - '0';
+ 
+               *expo += neg ? -exp2 : exp2;
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..b597025
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+cve_2025_40929.patch