diff --git a/CVE-2023-33285.patch b/CVE-2023-33285.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8346573a2a3db77b43c6a511f9d83d7faa3727cc
--- /dev/null
+++ b/CVE-2023-33285.patch
@@ -0,0 +1,73 @@
+diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
+index 12b40fc3..99e999d4 100644
+--- a/src/network/kernel/qdnslookup_unix.cpp
++++ b/src/network/kernel/qdnslookup_unix.cpp
+@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ // responseLength in case of error, we still can extract the
+ // exact error code from the response.
+ HEADER *header = (HEADER*)response;
+- const int answerCount = ntohs(header->ancount);
+ switch (header->rcode) {
+ case NOERROR:
+ break;
+@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ return;
+ }
+
+- // Skip the query host, type (2 bytes) and class (2 bytes).
+ char host[PACKETSZ], answer[PACKETSZ];
+ unsigned char *p = response + sizeof(HEADER);
+- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+- if (status < 0) {
++ int status;
++
++ if (ntohs(header->qdcount) == 1) {
++ // Skip the query host, type (2 bytes) and class (2 bytes).
++ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
++ if (status < 0) {
++ reply->error = QDnsLookup::InvalidReplyError;
++ reply->errorString = tr("Could not expand domain name");
++ return;
++ }
++ if ((p - response) + status + 4 >= responseLength)
++ header->qdcount = 0xffff; // invalid reply below
++ else
++ p += status + 4;
++ }
++ if (ntohs(header->qdcount) > 1) {
+ reply->error = QDnsLookup::InvalidReplyError;
+- reply->errorString = tr("Could not expand domain name");
++ reply->errorString = tr("Invalid reply received");
+ return;
+ }
+- p += status + 4;
+
+ // Extract results.
++ const int answerCount = ntohs(header->ancount);
+ int answerIndex = 0;
+ while ((p < response + responseLength) && (answerIndex < answerCount)) {
+ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ const QString name = QUrl::fromAce(host);
+
+ p += status;
++
++ if ((p - response) + 10 > responseLength) {
++ // probably just a truncated reply, return what we have
++ return;
++ }
+ const quint16 type = (p[0] << 8) | p[1];
+ p += 2; // RR type
+ p += 2; // RR class
+@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ p += 4;
+ const quint16 size = (p[0] << 8) | p[1];
+ p += 2;
++ if ((p - response) + size > responseLength)
++ return; // truncated
+
+ if (type == QDnsLookup::A) {
+ if (size != 4) {
+--
+2.27.0
+
diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index eeb5f56766bff9569410df78e8533832d3ebb4e0..39523407f8f5621b23e15c69b5597cce0c701d50 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -13,7 +13,7 @@
 Name: qt5-qtbase
 Summary: Core component of Qt toolkit
 Version: 5.11.1
-Release: 16
+Release: 17
 License: LGPLv2 with exceptions or GPLv3 with exceptions
 Url: http://qt-project.org/
 Source0: https://download.qt.io/new_archive/qt/5.11/%{version}/submodules/qtbase-everywhere-src-%{version}.tar.xz
@@ -50,6 +50,7 @@
 Patch6008: CVE-2023-32763.patch
 # https://download.qt.io/official_releases/qt/5.15/CVE-2023-37369-qtbase-5.15.diff
 Patch6009: CVE-2023-37369-pre.patch
 Patch6010: CVE-2023-37369.patch
+Patch6011: CVE-2023-33285.patch
 BuildRequires: pkgconfig(libsystemd) cups-devel desktop-file-utils findutils
 BuildRequires: libjpeg-devel libmng-devel libtiff-devel pkgconfig(alsa)
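Review bot: In the second hunk of the embedded qdnslookup_unix.cpp patch, `if ((p - response) + status + 4 >= responseLength)` rejects a reply whose question section ends exactly at responseLength, which is also the shape of a well-formed NOERROR reply carrying zero resource records; if that case is meant to be accepted, `>` is the intended comparison, and with `>` the loop below stays safe because `p` then equals `response + responseLength` and `p < response + responseLength` fails. Carrying the "invalid" verdict by overwriting `header->qdcount = 0xffff` in the response buffer is hard to read, since the following `if (ntohs(header->qdcount) > 1)` silently depends on it; a local flag tested by that `if` would say the same thing without mutating parsed input. The patch file itself has no commit-message header (no upstream commit id, author or description of the CVE), so the backport cannot be traced the way Patch6009 is via its URL comment in the spec; I would add a one-line provenance comment above `Patch6011:` such as `# CVE-2023-33285: <upstream reference>` and the matching header inside the patch. QDnsLookupRunnable::query begins and ends outside the hunks shown.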
@@ -112,7 +113,8 @@
 The qt5-qtbase-devel contains libraries and header files for qt5-qtbase.
 %package mysql
 Summary: MySQL driver for Qt5's SQL classes
-BuildRequires: mysql-devel
+BuildRequires: mariadb-connector-c-devel
+#BuildRequires: mysql-devel
 Requires: %{name} = %{version}-%{release}
 %description mysql
 Qt5-qtbase-mysql provides MySQL driver for Qt5's SQL classes.
@@ -416,6 +418,9 @@
 fi
 %changelog
+* Wed Nov 01 2023 peijiankang - 5.11.1-17
+- Fix CVE-2023-33285.patch
+
 * Fri Sep 01 2023 wangkai <13474090681@163.com> - 5.11.1-16
 - Fix CVE-2023-37369
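Review bot: The 5.11.1-17 changelog entry does not mention that the `%package mysql` hunk replaces `BuildRequires: mysql-devel` with `BuildRequires: mariadb-connector-c-devel`, so the dependency change leaves no trace in the package history; add a line such as `- Switch mysql BuildRequires to mariadb-connector-c-devel` to that entry. The retained `#BuildRequires: mysql-devel` is dead text; either drop it or extend the comment with why it is kept for reference.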