diff --git a/backport-CVE-2025-32990-avoid-1-byte-write-buffer-overrun-when-parsing-template.patch b/backport-CVE-2025-32990-avoid-1-byte-write-buffer-overrun-when-parsing-template.patch
new file mode 100644
index 0000000000000000000000000000000000000000..58c281ec1e669bf68228f3bcf78ff35ccf3cc7c8
--- /dev/null
+++ b/backport-CVE-2025-32990-avoid-1-byte-write-buffer-overrun-when-parsing-template.patch
@@ -0,0 +1,34 @@
+From b40020bdc2a29201a9b96cceda6ccf6d94cefaee Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Fri, 11 Jul 2025 10:09:23 +0800
+Subject: [PATCH] 1
+
+---
+ src/certtool-cfg.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
+index 2d7a1dc..bce2390 100644
+--- a/src/certtool-cfg.c
++++ b/src/certtool-cfg.c
+@@ -257,7 +257,7 @@ void cfg_init(void)
+ if (val != NULL) { \
+ if (s_name == NULL) { \
+ i = 0; \
+- s_name = malloc(sizeof(char *) * MAX_ENTRIES); \
++ s_name = calloc(MAX_ENTRIES + 1, sizeof(char *)); \
+ CHECK_MALLOC(s_name); \
+ do { \
+ if (val && strcmp(val->name, k_name) != 0) \
+@@ -279,7 +279,7 @@ void cfg_init(void)
+ char *p; \
+ if (s_name == NULL) { \
+ i = 0; \
+- s_name = malloc(sizeof(char *) * MAX_ENTRIES); \
++ s_name = calloc(MAX_ENTRIES + 1, sizeof(char *)); \
+ CHECK_MALLOC(s_name); \
+ do { \
+ if (val && strcmp(val->name, k_name) != 0) \
+--
+2.43.0
+
diff --git a/gnutls.spec b/gnutls.spec
index 5083911c6677ec2b798dcd0a3837f644fb78308e..6d1a2af3a6ffd4edd46c8ef8d4bb1af912624032 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,6 +1,6 @@
 Name: gnutls
 Version: 3.8.2
-Release: 6
+Release: 7
 Summary: The GNU Secure Communication Protocol Library
 License: LGPLv2.1+ and GPLv3+
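Review bot: Neither `calloc(MAX_ENTRIES + 1, sizeof(char *))` site in the embedded src/certtool-cfg.c patch (the macro bodies at -257 and -279) says what the extra element is for, and the patch header does not either: its subject is `[PATCH] 1` with no body. Going by the patch file name, the slot presumably holds the terminator stored after the `do` loop, but the loop bound and that store are outside both hunks, so it cannot be confirmed from here that index MAX_ENTRIES is now the furthest write. I would add `/* +1: room for the NULL terminator stored after the loop */ \` above each allocation, and restore the upstream subject line and commit reference in the header so the backport can be audited against the original fix. The switch to calloc also zero-fills the array, which is worth stating in the restored message if later code relies on it.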
@@ -14,6 +14,7 @@ Patch2: backport-CVE-2024-0567-x509-detect-loop-in-certificate-chain.patch
 Patch3: backport-fix-CVE-2024-28834-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch
 Patch4: backport-fix-CVE-2024-28835-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch
 Patch5: backport-CVE-2024-12243-x509-optimize-name-constraints-processing.patch
+Patch6: backport-CVE-2025-32990-avoid-1-byte-write-buffer-overrun-when-parsing-template.patch
 %bcond_without dane
 %bcond_with guile
@@ -245,6 +246,9 @@ make check %{?_smp_mflags}
 %endif
 %changelog
+* Fri Jul 11 2025 jinshuaiyu - 3.8.2-7
+- fix CVE-2025-32990
+
 * Thu Feb 13 2025 xuraoqing - 3.8.2-6
 - fix CVE-2024-12243