diff --git a/CVE-2024-34083.patch b/CVE-2024-34083.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4913d9b6d096e89cd953d74904e061a0102c9978
--- /dev/null
+++ b/CVE-2024-34083.patch
@@ -0,0 +1,43 @@
+From 0360116a634a842b2bbe93528284679587a7c6c2 Mon Sep 17 00:00:00 2001
+From: Arusekk
+Date: Mon, 20 May 2024 08:57:18 +0800
+Subject: [PATCH] CVE-2024-34083
+
+---
+ aiosmtpd/docs/NEWS.rst | 5 +++++
+ aiosmtpd/smtp.py | 3 +++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/aiosmtpd/docs/NEWS.rst b/aiosmtpd/docs/NEWS.rst
+index 875ead0..fa8089b 100644
+--- a/aiosmtpd/docs/NEWS.rst
++++ b/aiosmtpd/docs/NEWS.rst
+@@ -15,6 +15,11 @@ Fixed/Improved
+ * All Controllers now have more rationale design, as they are now composited from a Base + a Mixin
+ * A whole bunch of annotations
+
++1.4.6 (2024-05-06)
++==================
++
++* STARTTLS is now fully enforced if used.
++
+
+ 1.4.4 (2023-01-17)
+ ==================
+diff --git a/aiosmtpd/smtp.py b/aiosmtpd/smtp.py
+index 09c85bf..8a20d13 100644
+--- a/aiosmtpd/smtp.py
++++ b/aiosmtpd/smtp.py
+@@ -504,6 +504,9 @@ class SMTP(asyncio.StreamReaderProtocol):
+ self._reader._transport = transport
+ self._writer._transport = transport
+ self.transport = transport
++ # Discard any leftover unencrypted data
++ # See https://tools.ietf.org/html/rfc3207#page-7
++ self._reader._buffer.clear() # type: ignore[attr-defined]
+ # Do SSL certificate checking as rfc3207 part 4.1 says. Why is
+ # _extra a protected attribute?
+ self.session.ssl = self._tls_protocol._extra
+--
+2.27.0
+
diff --git a/python-aiosmtpd.spec b/python-aiosmtpd.spec
index 704b4a5690d52e743549cb080d86bd925c9a6b03..31ccd3d0ba7bf42a852c7b68d1b09acb378ce510 100644
--- a/python-aiosmtpd.spec
+++ b/python-aiosmtpd.spec
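Review bot: The added `self._reader._buffer.clear()` in the smtp.py hunk reaches into a private CPython asyncio attribute (hence the `# type: ignore[attr-defined]`), and the two new comment lines say nothing about the failure mode if that attribute ever disappears: an AttributeError there would abort STARTTLS after the handshake, which fails closed but deserves to be stated for whoever rebases this backport. I would replace the added comments with `# Drop any plaintext the client pipelined after STARTTLS so it cannot be executed inside the TLS session (CVE-2024-34083, RFC 3207 §4.2); relies on StreamReader's private buffer and fails closed (AttributeError) if asyncio changes it.` The patch's own diffstat lists only NEWS.rst and smtp.py, so the backport ships without a regression test for a pipelined `STARTTLS\r\nEHLO ...\r\n` payload; one that asserts the EHLO is not acted on after the handshake would pin the fix. RFC 3207 §4.2 also requires the server to forget pre-TLS session state such as the EHLO argument, which this hunk does not show — presumably handled elsewhere in the enclosing method, whose body begins and ends outside the hunk, but worth confirming against the 1.4.4 code this is applied to.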
@@ -1,12 +1,13 @@
 %global _empty_manifest_terminate_build 0
 Name: python-aiosmtpd
 Version: 1.4.4
-Release: 2
+Release: 3
 Summary: aiosmtpd - asyncio based SMTP server
 License: Apache 2.0
 URL: https://github.com/aio-libs/aiosmtpd
 Source0: https://github.com/aio-libs/aiosmtpd/archive/%{version}.tar.gz#/aiosmtpd-%{version}.tar.gz
 Patch0: CVE-2024-27305.patch
+Patch1: CVE-2024-34083.patch
 BuildArch: noarch
@@ -72,6 +73,9 @@ mv %{buildroot}/doclist.lst .
 %{_pkgdocdir}
 %changelog
+* Mon May 20 2024 lvfei - 1.4.4-3
+- Fix CVE-2024-34083
+
 * Wed Mar 13 2024 wangkai <13474090681@163.com> - 1.4.4-2
 - Fix CVE-2024-27305