diff --git a/backport-CVE-2025-26699.patch b/backport-CVE-2025-26699.patch
new file mode 100644
index 0000000000000000000000000000000000000000..422fe549afe1f5e489aa41b4637b9691afab839c
--- /dev/null
+++ b/backport-CVE-2025-26699.patch
@@ -0,0 +1,102 @@
+From 4f2765232336b8ad0afd8017d9d912ae93470017 Mon Sep 17 00:00:00 2001
+From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
+Date: Tue, 25 Feb 2025 09:40:54 +0100
+Subject: [PATCH] [5.0.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in
+ wordwrap template filter.
+
+Thanks sw0rd1ight for the report.
+
+Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main.
+---
+ django/utils/text.py | 28 +++++++------------
+ docs/releases/4.2.15.txt | 7 +++++
+ .../filter_tests/test_wordwrap.py | 12 ++++++++
+ 3 files changed, 29 insertions(+), 18 deletions(-)
+
+diff --git a/django/utils/text.py b/django/utils/text.py
+index e1b835e..81ae88d 100644
+--- a/django/utils/text.py
++++ b/django/utils/text.py
+@@ -1,6 +1,7 @@
+ import gzip
+ import re
+ import secrets
++import textwrap
+ import unicodedata
+ from gzip import GzipFile
+ from gzip import compress as gzip_compress
+@@ -97,24 +98,15 @@ def wrap(text, width):
+ ``width``.
+ """
+
+- def _generator():
+- for line in text.splitlines(True): # True keeps trailing linebreaks
+- max_width = min((line.endswith("\n") and width + 1 or width), width)
+- while len(line) > max_width:
+- space = line[: max_width + 1].rfind(" ") + 1
+- if space == 0:
+- space = line.find(" ") + 1
+- if space == 0:
+- yield line
+- line = ""
+- break
+- yield "%s\n" % line[: space - 1]
+- line = line[space:]
+- max_width = min((line.endswith("\n") and width + 1 or width), width)
+- if line:
+- yield line
+-
+- return "".join(_generator())
++ wrapper = textwrap.TextWrapper(
++ width=width,
++ break_long_words=False,
++ break_on_hyphens=False,
++ )
++ result = []
++ for line in text.splitlines(True):
++ result.extend(wrapper.wrap(line))
++ return "\n".join(result)
+
+
+ class Truncator(SimpleLazyObject):
+diff --git a/docs/releases/4.2.15.txt b/docs/releases/4.2.15.txt
+index b1d4684..4ee3882 100644
+--- a/docs/releases/4.2.15.txt
++++ b/docs/releases/4.2.15.txt
+@@ -7,6 +7,13 @@ Django 4.2.15 release notes
+ Django 4.2.15 fixes three security issues with severity "moderate", one
+ security issue with severity "high", and a regression in 4.2.14.
+
++
++CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
++=========================================================================================
++
++The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
++potential denial-of-service attack when used with very long strings.
++
+ CVE-2024-41989: Memory exhaustion in ``django.utils.numberformat.floatformat()``
+ ================================================================================
+
+diff --git a/tests/template_tests/filter_tests/test_wordwrap.py b/tests/template_tests/filter_tests/test_wordwrap.py
+index 88fbd27..7557153 100644
+--- a/tests/template_tests/filter_tests/test_wordwrap.py
++++ b/tests/template_tests/filter_tests/test_wordwrap.py
+@@ -78,3 +78,15 @@ class FunctionTests(SimpleTestCase):
+ "this is a long\nparagraph of\ntext that\nreally needs\nto be wrapped\n"
+ "I'm afraid",
+ )
++
++
++ def test_wrap_long_text(self):
++ long_text = (
++ "this is a long paragraph of text that really needs"
++ " to be wrapped I'm afraid " * 20_000
++ )
++ self.assertIn(
++ "this is a\nlong\nparagraph\nof text\nthat\nreally\nneeds to\nbe wrapped\n"
++ "I'm afraid",
++ wordwrap(long_text, 10),
++ )
+--
+2.46.0
+
diff --git a/python-django.spec b/python-django.spec
index ba5ebcf85ea21c47cd50e9594878f16389edcf52..7b21117dbd205d00acf8d577ecd3a12af16bb37e 100644
--- a/python-django.spec
+++ b/python-django.spec
@@ -1,7 +1,7 @@
 %global _empty_manifest_terminate_build 0
 Name: python-django
 Version: 4.2.15
-Release: 4
+Release: 5
 Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
 License: Apache-2.0 and Python-2.0 and BSD-3-Clause
 URL: https://www.djangoproject.com/
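Review bot: The new `wrap()` body in the backported text.py hunk drops blank lines and the input's trailing newline, because `textwrap.TextWrapper.wrap()` returns an empty list for a whitespace-only line and strips trailing whitespace, so the `True` passed to `text.splitlines(True)` no longer has any effect; the removed generator kept those line ends (its `# True keeps trailing linebreaks` comment), so this is a behaviour change beyond the DoS mitigation that callers of the `wordwrap` filter will notice. Changing the loop body to `result.extend(wrapper.wrap(line) or [""])` preserves empty lines, and a case such as `wrap("a\n\nb", 10)` added next to `test_wrap_long_text` would pin it (the function's signature and docstring lie above the hunk, so the docstring may also need the same caveat). The release note is inserted into docs/releases/4.2.15.txt, whose opening sentence still says 4.2.15 "fixes three security issues ... one ... high", so the edited file now describes four CVEs for an already-published version; the spec changelog entry for 4.2.15-5 would be the accurate place to record the backport.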
@@ -11,6 +11,7 @@ Patch1: CVE-2024-45231.patch Patch2: CVE-2024-53907.patch Patch3: CVE-2024-53908.patch Patch4: CVE-2024-56374.patch +Patch5: backport-CVE-2025-26699.patch BuildArch: noarch %description @@ -77,6 +78,12 @@ mv %{buildroot}/doclist.lst . %{_docdir}/* %changelog +* Mon Mar 10 2025 changtao - 4.2.15-5 +- Type:CVE +- CVE:CVE-2025-26699 +- SUG:NA +- DESC:fix CVE-2025-26699 + * Fri Jan 17 2025 yaoxin <1024769339@qq.com> - 4.2.15-4 - Fix CVE-2024-56374