diff --git a/lua-5.4.0-CVE-2020-24369.patch b/lua-5.4.0-CVE-2020-24369.patch
new file mode 100644
index 0000000..bdf216d
--- /dev/null
+++ b/lua-5.4.0-CVE-2020-24369.patch
@@ -0,0 +1,18 @@
+diff -up lua-5.4.0/src/ldebug.c.CVE-2020-24369 lua-5.4.0/src/ldebug.c
+--- lua-5.4.0/src/ldebug.c.CVE-2020-24369 2020-08-19 12:43:01.995387723 -0400
++++ lua-5.4.0/src/ldebug.c 2020-08-19 12:43:42.191333666 -0400
+@@ -783,11 +783,13 @@ l_noret luaG_runerror (lua_State *L, con
+ ** previous instruction 'oldpc'.
+ */
+ static int changedline (const Proto *p, int oldpc, int newpc) {
++ if (p->lineinfo == NULL) /* no debug information? */
++ return 0;
+ while (oldpc++ < newpc) {
+ if (p->lineinfo[oldpc] != 0)
+ return (luaG_getfuncline(p, oldpc - 1) != luaG_getfuncline(p, newpc));
+ }
+- return 0; /* no line changes in the way */
++ return 0; /* no line changes between positions */
+ }
+ 
+ /*
diff --git a/lua.spec b/lua.spec
index 0cc9c16..456ac2f 100644
--- a/lua.spec
+++ b/lua.spec
@@ -15,7 +15,7 @@ Name: lua
 Version: %{major_version}.0
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Powerful light-weight programming language
 License: MIT
 URL: http://www.lua.org/
@@ -52,6 +52,7 @@ Patch12: %{name}-5.4.0-bug5.patch
 Patch13: %{name}-5.4.0-bug6.patch
 Patch14: %{name}-5.4.0-bug7.patch
 Patch15: %{name}-5.4.0-bug8.patch
+Patch16: %{name}-5.4.0-CVE-2020-24369.patch
 BuildRequires: automake autoconf libtool readline-devel ncurses-devel
 Requires: lua-libs = %{version}-%{release}
@@ -111,6 +112,7 @@ mv src/luaconf.h src/luaconf.h.template.in
 %patch13 -p1 -b .bug6
 %patch14 -p1 -b .bug7
 %patch15 -p1 -b .bug8
+%patch16 -p1 -b .CVE-2020-24369
 # Put proper version in configure.ac, patch0 hardcodes 5.3.0
 sed -i 's|5.3.0|%{version}|g' configure.ac
 autoreconf -ifv
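Review bot: The new patch file carries no provenance header, so the only link between its contents and CVE-2020-24369 is the filename and the spec's changelog entry, which makes it hard for the next updater to confirm the backport still matches upstream. A one-line comment above the `diff -up` line would fix that, e.g. `Backport of the upstream Lua 5.4 fix for CVE-2020-24369 (changedline must tolerate a NULL lineinfo); upstream reference: <UPSTREAM-REF-PLACEHOLDER>`; patch(1) ignores text before the first file header, so it costs nothing at build time. On the substance, the added guard returns 0 when `p->lineinfo` is NULL before the loop indexes it, and the context lines show all of `changedline`, so nothing else in that function is affected; whether other readers of `lineinfo` in ldebug.c need the same guard is outside this hunk and would have to be checked against the upstream change.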
@@ -234,8 +236,10 @@ install -Dpm 0644 %{SOURCE1001} $RPM_BUILD_ROOT/%{_fileattrsdir}/lua.attr
 %files static
 %{_libdir}/*.a
-
 %changelog
+* Wed Aug 19 2020 Tom Callaway - 5.4.0-5
+- apply upstream fix for CVE-2020-24369
+
 * Fri Jul 31 2020 Tom Callaway - 5.4.0-4
 - apply upstream fix for CVE-2020-15889
 - apply upstream fix for CVE-2020-15945