diff --git a/debian/changelog b/debian/changelog
index 7c23102..cdb81b8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ruby-sinatra (3.0.5-3+deb13u1) bookworm; urgency=high
+
+  * Prevent Regexp DoS in ETag generation [CVE-2025-61921] (Closes: #1118290)
+  * debian/gbp.conf: point debian branch to debian/bookworm
+
+ -- Antonio Terceiro <terceiro@debian.org>  Sun, 19 Oct 2025 20:02:10 -0300
+
 ruby-sinatra (3.0.5-3) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/gbp.conf b/debian/gbp.conf
index cec628c..e552daa 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,2 +1,3 @@
 [DEFAULT]
 pristine-tar = True
+debian-branch = debian/bookworm
diff --git a/debian/patches/CVE-2025-61921.patch b/debian/patches/CVE-2025-61921.patch
new file mode 100644
index 0000000..dcd4c95
--- /dev/null
+++ b/debian/patches/CVE-2025-61921.patch
@@ -0,0 +1,25 @@
+From: gecunps <geraldineelaine.cu@nelnet.net>
+Date: Wed, 8 Oct 2025 11:15:08 +0800
+Subject: Fix regex to prevent redos
+
+This a backport of the original upstream patch.
+
+Signed-off-by: Antonio Terceiro <terceiro@debian.org>
+Link: https://github.com/sinatra/sinatra/pull/2121
+---
+ lib/sinatra/base.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/sinatra/base.rb b/lib/sinatra/base.rb
+index ba330a4..aeff9fd 100644
+--- a/lib/sinatra/base.rb
++++ b/lib/sinatra/base.rb
+@@ -693,7 +693,7 @@ module Sinatra
+     def etag_matches?(list, new_resource = request.post?)
+       return !new_resource if list == '*'
+ 
+-      list.to_s.split(/\s*,\s*/).include? response['ETag']
++      list.to_s.split(',').map(&:strip).include?(response['ETag'])
+     end
+ 
+     def with_params(temp_params)
diff --git a/debian/patches/series b/debian/patches/series
index 00beef1..a516274 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ i18n-fix.patch
 fix-relative-path.patch
 0001-Tests-against-Haml-6.patch
 fix-test-broken-by-ruby-rack.patch
+CVE-2025-61921.patch