diff --git a/perl-5.16.3-CVE-2023-31484.patch b/perl-5.16.3-CVE-2023-31484.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1f72164a032dd6820106e4bca31c4f637b4cb57b
--- /dev/null
+++ b/perl-5.16.3-CVE-2023-31484.patch
@@ -0,0 +1,24 @@
+From 560d2b37576c744676731bde0e84c8d5ae29cd88 Mon Sep 17 00:00:00 2001
+From: zhuhong_bo
+Date: Tue, 13 Jan 2026 16:28:27 +0800
+Subject: [PATCH] perl-5.16.3 CVE-2023-31484
+
+---
+ cpan/CPAN/lib/CPAN/HTTP/Client.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+index c5eb0f6..215fa6b 100644
+--- a/cpan/CPAN/lib/CPAN/HTTP/Client.pm
++++ b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+@@ -32,6 +32,7 @@ sub mirror {
+
+ my $want_proxy = $self->_want_proxy($uri);
+ my $http = HTTP::Tiny->new(
++ verify_SSL => 1,
+ $want_proxy ? (proxy => $self->{proxy}) : ()
+ );
+
+--
+1.8.3.1
+
diff --git a/perl.spec b/perl.spec
index 38026bc64df9dc9a59c4bdc81fd16be8f1cfbf29..cf3e124aba8550df66f652b774c733a520a6fe72 100644
--- a/perl.spec
+++ b/perl.spec
@@ -31,7 +31,7 @@
 Name: perl
 Version: %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release: 299%{?dist}
+Release: 299%{?dist}.1
 Epoch: %{perl_epoch}
 Summary: Practical Extraction and Report Language
 Group: Development/Languages
@@ -201,7 +201,7 @@ Patch48: perl-5.16.3-CVE-2020-10543.patch
 # Fix CVE-2020-10878, bug #1839275, fixed in upstream 5.28.3, ported from
 # upstream 011cd8913d3a230b8d30b156b848585c7c4c1597.
 Patch49: perl-5.16.3-CVE-2020-10878.patch
-
+Patch50: perl-5.16.3-CVE-2023-31484.patch
 # Update some of the bundled modules
 # see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
@@ -2010,6 +2010,7 @@ tarball from perl.org.
 %patch47 -p1
 %patch48 -p1
 %patch49 -p1
+%patch50 -p1
 %if !%{defined perl_bootstrap}
 # Local patch tracking
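Review bot: `verify_SSL => 1,` in the embedded Client.pm hunk only takes effect if the HTTP::Tiny that this perl build actually loads recognises that attribute. As far as I know, HTTP::Tiny's constructor copies the attributes it knows and silently ignores the rest. If the bundled HTTP::Tiny predates `verify_SSL`, the line would therefore be a no-op and https mirrors would still be fetched without certificate or hostname verification. Please confirm the HTTP::Tiny version shipped with this package, and that IO::Socket::SSL and a usable CA bundle are available to it, ideally with a `%check` test showing that `mirror()` fails against a host presenting an invalid certificate. A short comment above the new line would also help, e.g. `# CVE-2023-31484: require certificate and hostname verification for https mirrors`; the body of `sub mirror` continues outside the hunk.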
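Review bot: `Patch50:` in the `@@ -201,7 +201,7 @@` hunk of perl.spec replaces the blank line that separated the CVE patches from the `# Update some of the bundled modules` comment, and it carries no description, unlike Patch49 directly above it. Keep the blank line after the new entry and add a comment in the existing style, e.g. `# Fix CVE-2023-31484, ported from upstream <UPSTREAM-COMMIT>`. That lets the next maintainer trace the fix to its origin and keeps the following comment from reading as if it belonged to Patch50.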
@@ -3742,6 +3743,9 @@ sed \
 # Old changelog entries are preserved in CVS.
 %changelog
+* Tue Jan 13 2026 zhuhongbo - 4:5.16.3-299.1
+- cve: fix cve CVE-2023-31484
+
 * Thu Jan 07 2021 Jitka Plesnikova - 4:5.16.3-299
 - Fix CVE-2020-10543 (bug #1839272)
 - Fix CVE-2020-10878 (bug #1839275)