diff --git a/backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch b/backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
new file mode 100644
index 0000000000000000000000000000000000000000..97b6c40732cbc33b6d447219e344c26545db3772
--- /dev/null
+++ b/backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
@@ -0,0 +1,52 @@
+From ff577b94511f9fc314435a1154f1124dccbe57ec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tina=20M=C3=BCller?=
+Date: Mon, 8 Apr 2024 23:32:52 +0200
+Subject: [PATCH] Fix emitter states handling when write_indicator fails
+
+There are cases where yaml_emitter_write_indicator fails.
+In that case POP is called on emitter->indents but not on emitter->states,
+which results in a leftover event in the stack, and later POP is called
+on an empty emitter->indents stack.
+
+This commit does not fix the case of the failing yaml_emitter_write_indicator.
+This is still investigated.
+---
+ src/emitter.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/emitter.c b/src/emitter.c
+index 609b28a4..0aca6c34 100644
+--- a/src/emitter.c
++++ b/src/emitter.c
+@@ -759,6 +759,7 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
+ {
+ emitter->flow_level --;
+ emitter->indent = POP(emitter, emitter->indents);
++ emitter->state = POP(emitter, emitter->states);
+ if (emitter->canonical && !first) {
+ if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
+ return 0;
+@@ -767,7 +768,6 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
+ }
+ if (!yaml_emitter_write_indicator(emitter, "]", 0, 0, 0))
+ return 0;
+- emitter->state = POP(emitter, emitter->states);
+
+ return 1;
+ }
+@@ -808,6 +808,7 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
+ return 0;
+ emitter->flow_level --;
+ emitter->indent = POP(emitter, emitter->indents);
++ emitter->state = POP(emitter, emitter->states);
+ if (emitter->canonical && !first) {
+ if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
+ return 0;
+@@ -816,7 +817,6 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
+ }
+ if (!yaml_emitter_write_indicator(emitter, "}", 0, 0, 0))
+ return 0;
+- emitter->state = POP(emitter, emitter->states);
+
+ return 1;
+ }
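Review bot: In the `@@ -808,6 +808,7 @@` hunk the context line before `emitter->flow_level --;` is `return 0;`, but the Patch0 file on this page shows `{` at that position for the same declared pre-image `index 609b28a`, so this hunk's context looks regenerated on top of Patch0's `if (STACK_EMPTY(...)) return 0;` guard rather than taken verbatim from the upstream commit named in the header. That makes the Patch0-then-Patch1 order in the spec load-bearing, and it is worth recording next to the Patch lines, e.g. `# Patch1 context assumes Patch0 is applied first`. The commit message itself says the failing yaml_emitter_write_indicator case is not fixed, so after this change a failed `"]"` or `"}"` write still returns 0, now with the state already popped; both enclosing function bodies continue outside these hunks.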
diff --git a/fix-heap-buffer-overflow-in-yaml_emitter_emit_flow_m.patch b/fix-heap-buffer-overflow-in-yaml_emitter_emit_flow_m.patch
new file mode 100644
index 0000000000000000000000000000000000000000..957a0cf7ed01b2016a010f5d5f4871aa79e0d742
--- /dev/null
+++ b/fix-heap-buffer-overflow-in-yaml_emitter_emit_flow_m.patch
@@ -0,0 +1,26 @@
+From 7015a5e99fecc195e36f2334b046b19abfc718c1 Mon Sep 17 00:00:00 2001
+From: panxiaohe
+Date: Mon, 18 Apr 2022 15:26:11 +0800
+Subject: [PATCH] fix heap buffer overflow in
+ yaml_emitter_emit_flow_mapping_key
+
+---
+ src/emitter.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/emitter.c b/src/emitter.c
+index 609b28a..a9f39ec 100644
+--- a/src/emitter.c
++++ b/src/emitter.c
+@@ -806,6 +806,8 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
+
+ if (event->type == YAML_MAPPING_END_EVENT)
+ {
++ if (STACK_EMPTY(emitter, emitter->indents))
++ return 0;
+ emitter->flow_level --;
+ emitter->indent = POP(emitter, emitter->indents);
+ if (emitter->canonical && !first) {
+--
+1.8.3.1
+
diff --git a/libyaml.spec b/libyaml.spec
index ad63f3516d0a8dcb72295722688f9cf6ccd488d7..dce915681b9251cb292c5f878416b03de7eae33a 100644
--- a/libyaml.spec
+++ b/libyaml.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 
 Name: libyaml
 Version: 0.2.5
@@ -6,8 +6,11 @@ Release: %{anolis_release}%{?dist}
 Summary: A C library for parsing and emitting YAML
 License: MIT
 
-URL: https://github.com/yaml/libyaml
-Source0: https://github.com/yaml/libyaml/releases/download/%{version}/yaml-%{version}.tar.gz
+URL: http://pyyaml.org/
+Source0: http://pyyaml.org/download/libyaml/yaml-%{version}.tar.gz
+
+Patch0: fix-heap-buffer-overflow-in-yaml_emitter_emit_flow_m.patch
+Patch1: backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
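Review bot: The new `if (STACK_EMPTY(emitter, emitter->indents)) return 0;` guard is added only to yaml_emitter_emit_flow_mapping_key, while the CVE patch on this page shows the same unguarded `emitter->indent = POP(emitter, emitter->indents);` in yaml_emitter_emit_flow_sequence_item at its `@@ -759` hunk, and the spec changelog credits this heap-overflow fix to flow_sequence_item; either the changelog line is wrong or the sequence path needs the same guard, and that should be settled before this ships. The guard also returns 0 without recording any problem on the emitter, so a caller only sees a bare failure; if the file's yaml_emitter_set_emitter_error helper is in scope at this point, returning through it with a short problem string would give the caller a reason for the failure. The function body continues outside this hunk.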
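Review bot: `URL` and `Source0` switch from the https github.com release URLs to plain-http pyyaml.org URLs, which removes transport integrity for the upstream tarball fetch, and the move is not mentioned in this commit's changelog entry. Unless the build only ever uses a locally stored tarball verified against a recorded digest, keep an https URL for `Source0` (the previous github.com release URL, or the pyyaml.org path over https if that host serves it) and add a changelog line for the source change.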
@@ -40,7 +43,7 @@ The %{name}-devel package contains libraries and header files for developing
 applications that use LibYAML.
 
 %prep
-%autosetup -n yaml-%{version}
+%autosetup -n yaml-%{version} -p1
 
 %build
 %configure
@@ -75,6 +78,10 @@ make check
 %{_includedir}/yaml.h
 
 %changelog
+* Thu May 30 2024 hezhongkun - 0.2.5-4
+- Fix heap buffer overflow in yaml_emitter_emit_flow_sequence_item
+- Fix CVE-2024-3205
+
 * Mon Mar 13 2023 Kaihao Bai - 0.2.5-3
 - optimize spec