diff --git a/CVE-2019-17544.patch b/CVE-2019-17544.patch
new file mode 100644
index 0000000000000000000000000000000000000000..69f3045817df1f3879843bdd0b92e72b783520ba
--- /dev/null
+++ b/CVE-2019-17544.patch
@@ -0,0 +1,49 @@
+From 80fa26c74279fced8d778351cff19d1d8f44fe4e Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson <kevina@gnu.org>
+Date: Sun, 4 Aug 2019 04:20:29 -0400
+Subject: [PATCH] Fix various bugs found by OSS-Fuze.
+
+---
+ common/config.cpp    | 2 +-
+ common/file_util.cpp | 1 +
+ common/getdata.cpp   | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/common/config.cpp b/common/config.cpp
+index 017e741..e117d3c 100644
+--- a/common/config.cpp
++++ b/common/config.cpp
+@@ -763,7 +763,7 @@ namespace acommon {
+       }
+       res.append(':');
+     }
+-    if (res.back() == ':') res.pop_back();
++    if (!res.empty() && res.back() == ':') res.pop_back();
+   }
+ 
+   struct ListAddHelper : public AddableContainer 
+diff --git a/common/file_util.cpp b/common/file_util.cpp
+index 8515832..56ea501 100644
+--- a/common/file_util.cpp
++++ b/common/file_util.cpp
+@@ -181,6 +181,7 @@ namespace acommon {
+     while ( (dir = els.next()) != 0 ) 
+     {
+       path = dir;
++      if (path.empty()) continue;
+       if (path.back() != '/') path += '/';
+       unsigned dir_len = path.size();
+       path += filename;
+diff --git a/common/getdata.cpp b/common/getdata.cpp
+index 7e822c9..1b04823 100644
+--- a/common/getdata.cpp
++++ b/common/getdata.cpp
+@@ -64,7 +64,7 @@ namespace acommon {
+   char * unescape(char * dest, const char * src)
+   {
+     while (*src) {
+-      if (*src == '\\') {
++      if (*src == '\\' && src[1]) {
+ 	++src;
+ 	switch (*src) {
+ 	case 'n': *dest = '\n'; break;
diff --git a/aspell.spec b/aspell.spec
index c4e42fc0b46ae22d192d03b91f3a97362cefb7d3..5dd198dffd243950f86c1e909d28b37fc290d5c4 100644
--- a/aspell.spec
+++ b/aspell.spec
@@ -1,11 +1,11 @@
 Name:          aspell
 Version:       0.60.6.1
-Release:       25
+Release:       27
 Summary:       Spell checker
 Epoch:         12
 License:       LGPLv2+ and LGPLv2 and GPLv2+ and BSD
 URL:           http://aspell.net/
-Source:        ftp://ftp.gnu.org/gnu/aspell/aspell-%{version}.tar.gz
+Source:        http://mirrors.ustc.edu.cn/gnu/aspell/aspell-%{version}.tar.gz
 
 Patch0000:     aspell-0.60.3-install_info.patch
 Patch0001:     aspell-0.60.5-fileconflict.patch
@@ -16,6 +16,7 @@ Patch0005:     aspell-0.60.6.1-dump-personal-abort.patch
 Patch0006:     aspell-0.60.6.1-aarch64.patch
 Patch0007:     aspell-0.60.6.1-gcc7-fixes.patch
 Patch0008:     aspell-0.60.6.1-fix-back-on-empty-vector.patch
+Patch0009:     CVE-2019-17544.patch
 
 BuildRequires: chrpath gettext ncurses-devel pkgconfig perl-interpreter gcc-c++
 
@@ -110,5 +111,11 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man1/aspell-import.1
 %{_mandir}/man1/pspell-config.1*
 
 %changelog
+* Thu Jul 27 2021 houyingchao<houyingchao@huawei.com> - 12:0.60.6.1-27
+- fix CVE-2019-17544
+
+* Thu Dec 24 2020 Ge Wang<wangge20@huawei.com> - 12:0.60.6.1-26
+- Modify Source0 url
+ 
 * Wed Nov 27 2019 yangjian<yangjian79@huawei.com> - 12:0.60.6.1-25
 - Package init