diff --git a/0005-libvncserver-CVE-2020-29260.patch b/0005-libvncserver-CVE-2020-29260.patch
new file mode 100644
index 0000000000000000000000000000000000000000..33182eed1f1b600b1b069951d2309e58840454bb
--- /dev/null
+++ b/0005-libvncserver-CVE-2020-29260.patch
@@ -0,0 +1,24 @@
+From bef41f6ec4097a8ee094f90a1b34a708fbd757ec Mon Sep 17 00:00:00 2001
+From: Christian Beier
+Date: Sat, 21 Nov 2020 12:52:31 +0100
+Subject: [PATCH] libvncclient: free vncRec memory in rfbClientCleanup()
+
+Otherwise we leak memory. Spotted by Ramin Farajpour Cami
+, thanks!
+---
+ libvncclient/vncviewer.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvncclient/vncviewer.c b/libvncclient/vncviewer.c
+index d6b91f02b..0a1bdcf6a 100644
+--- a/libvncclient/vncviewer.c
++++ b/libvncclient/vncviewer.c
+@@ -534,6 +534,8 @@ void rfbClientCleanup(rfbClient* client) {
+ client->clientData = next;
+ }
+
++ free(client->vncRec);
++
+ if (client->sock != RFB_INVALID_SOCKET)
+ rfbCloseSocket(client->sock);
+ if (client->listenSock != RFB_INVALID_SOCKET)
diff --git a/libvncserver.spec b/libvncserver.spec
index 6cf6fc9f5f03f5a9062ff19916e8b14066386cd7..310d8c3e4d40c4e00a1e210d76dfbc23a45f512e 100644
--- a/libvncserver.spec
+++ b/libvncserver.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 %undefine __cmake_in_source_build
@@ -28,6 +28,8 @@ Patch14: 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
 ## downstream patches
 Patch102: libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch
+Patch103: 0005-libvncserver-CVE-2020-29260.patch
+
 BuildRequires: gcc-c++
 BuildRequires: cmake3
 BuildRequires: pkgconfig(gnutls)
@@ -148,5 +150,8 @@ done
 %changelog
+* Thu Nov 09 2023 mgb01105731 - 0.9.13-2
+- fix CVE-2020-29260
+
 * Tue Apr 11 2023 mgb01105731 - 0.9.13-1
 - Init upstream from version 0.9.13
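Review bot: The added `free(client->vncRec);` in the embedded vncviewer.c hunk is unconditional, so it is safe only if `vncRec` is NULL or a live heap pointer on every path that reaches rfbClientCleanup(). The field's allocation and initialisation are outside the hunk, as are the start and end of rfbClientCleanup(), so this needs confirming against the 0.9.13 sources the patch is applied to. If the `client` struct can outlive this call, which the hunk does not show, the free should be followed by `client->vncRec = NULL;` so that a repeated cleanup cannot free the same pointer twice.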
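Review bot: `Patch103: 0005-libvncserver-CVE-2020-29260.patch` is declared in the second libvncserver.spec hunk, but none of the visible hunks shows it being applied, and the %prep section is outside this diff. If %prep uses `%autosetup` or `%autopatch`, the new entry is picked up automatically. If it lists patches explicitly, it needs a matching `%patch103 -p1`; without one the package would ship as release 2 with a changelog claiming the CVE-2020-29260 fix while the leak remains. The entry also sits under `## downstream patches`, although the patch header shows it is an upstream commit; a comment above it such as `## upstream backport: commit bef41f6ec4097a8ee094f90a1b34a708fbd757ec` would keep the provenance clear for later rebases.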