diff --git a/backport-CVE-2023-7101.patch b/backport-CVE-2023-7101.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0f5715063f5e0b295b51bede6a55bba168ab3064
--- /dev/null
+++ b/backport-CVE-2023-7101.patch
@@ -0,0 +1,59 @@
+From bd3159277e745468e2c553417b35d5d7dc7405bc Mon Sep 17 00:00:00 2001
+From: Daniel Ruoso
+Date: Thu, 28 Dec 2023 11:56:10 -0500
+Subject: [PATCH] Do not use string eval for conditional formatting
+
+---
+ lib/Spreadsheet/ParseExcel/Utility.pm | 31 +++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 9 deletions(-)
+
+diff --git a/lib/Spreadsheet/ParseExcel/Utility.pm b/lib/Spreadsheet/ParseExcel/Utility.pm
+index c0c26a0..d8cfb99 100644
+--- a/lib/Spreadsheet/ParseExcel/Utility.pm
++++ b/lib/Spreadsheet/ParseExcel/Utility.pm
+@@ -78,10 +78,12 @@ sub ExcelFmt {
+ $format_str = '@' if uc($format_str) eq "GENERAL";
+
+ # Check for a conditional at the start of the format. See notes above.
+- my $conditional;
+- if ( $format_str =~ /^\[([<>=][^\]]+)\](.*)$/ ) {
+- $conditional = $1;
+- $format_str = $2;
++ my $conditional_op;
++ my $conditional_value;
++ if ( $format_str =~ /^\[([<>=]+)([^\]]+)\](.*)$/ ) {
++ $conditional_op = $1;
++ $conditional_value = $2;
++ $format_str = $3;
+ }
+
+ # Ignore the underscore token which is used to indicate a padding space.
+@@ -166,12 +168,23 @@ sub ExcelFmt {
+ }
+
+ # Override the previous choice if the format is conditional.
+- if ($conditional) {
+-
+- # TODO. Replace string eval with a function.
+- $section = eval "$number $conditional" ? 0 : 1;
++ if ($conditional_op) {
++ if ($conditional_op eq '>') {
++ $section = $number > $conditional_value ? 0 : 1;
++ } elsif ($conditional_op eq '>=') {
++ $section = $number >= $conditional_value ? 0 : 1;
++ } elsif ($conditional_op eq '<') {
++ $section = $number < $conditional_value ? 0 : 1;
++ } elsif ($conditional_op eq '<=') {
++ $section = $number <= $conditional_value ? 0 : 1;
++ } elsif ($conditional_op eq '=') {
++ $section = $number == $conditional_value ? 0 : 1;
++ } elsif ($conditional_op eq '==') {
++ $section = $number == $conditional_value ? 0 : 1;
++ } elsif ($conditional_op eq '<>') {
++ $section = $number != $conditional_value ? 
0 : 1; ++ } + } +- + # We now have the required format. + $format = $formats[$section]; + diff --git a/perl-Spreadsheet-ParseExcel.spec b/perl-Spreadsheet-ParseExcel.spec index c625062099b7ec474851ff0098dec3038100a11a..47fe141ae41aa031c3a742cb39e01b59138d7e5b 100644 --- a/perl-Spreadsheet-ParseExcel.spec +++ b/perl-Spreadsheet-ParseExcel.spec @@ -2,11 +2,12 @@ Name: perl-Spreadsheet-ParseExcel Version: 0.65 -Release: 1 +Release: 2 Summary: Extract information from an Excel file License: GPL+ or Artistic URL: https://metacpan.org/release/Spreadsheet-ParseExcel Source0: https://cpan.metacpan.org/authors/id/D/DO/DOUGW/Spreadsheet-ParseExcel-%{version}.tar.gz +Patch6000: backport-CVE-2023-7101.patch BuildRequires: perl-generators BuildRequires: perl(Crypt::RC4) BuildRequires: perl(Digest::Perl::MD5) @@ -35,6 +36,7 @@ Excel 95-2003 binary files. %prep %setup -q -n Spreadsheet-ParseExcel-%{version} +%autopatch -p1 %build export PERL_MM_OPT="" @@ -84,5 +86,8 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/* %changelog +* Wed Oct 22 2025 yujingbo 0.65-2 +- fix CVE-2023-7101 + * Fri Oct 21 2022 misaka00251 0.65-1 - Specfile autogenerated by Perl_Bot
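Review bot: In the embedded Utility.pm patch, `$conditional_value` is still whatever `[^\]]+` captured and is passed unchecked to the numeric comparisons, and an operator that `[<>=]+` accepts but no branch names (for example `=>` or `<<`) falls through the `elsif` chain, leaving `$section` at its earlier value. Neither brings the string eval back, but a non-numeric value is numified by Perl's usual rules (leading digits, else 0, with a warning only if warnings are enabled), so a malformed format string in a workbook selects a section with no signal to the caller. I would guard the block with `if ( $conditional_op && Scalar::Util::looks_like_number($conditional_value) )`, assuming Scalar::Util is loaded in Utility.pm (its import lines are outside the hunk), and end the chain with an `else` branch whose comment says unknown operators keep the previous choice. The body of `ExcelFmt` starts and ends outside both inner hunks, and the diffstat shows the backport touches only Utility.pm, so no regression test for a conditional format comes with it.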