diff --git a/backport-CVE-2022-41317.patch b/backport-CVE-2022-41317.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1c4b351db892745f9f228db0ca8b3e01d22b10e5
--- /dev/null
+++ b/backport-CVE-2022-41317.patch
@@ -0,0 +1,22 @@
+From 2c5d2de9bdcd25d1127987f8f76c986ab5bfb6da Mon Sep 17 00:00:00 2001
+From: Amos Jeffries <yadij@users.noreply.github.com>
+Date: Wed, 17 Aug 2022 23:32:43 +0000
+Subject: [PATCH] Fix typo in manager ACL (#1113)
+
+---
+ src/cf.data.pre | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cf.data.pre b/src/cf.data.pre
+index 4aef432cad1..f15d56b13d7 100644
+--- a/src/cf.data.pre
++++ b/src/cf.data.pre
+@@ -1001,7 +1001,7 @@ DEFAULT: ssl::certUntrusted ssl_error X509_V_ERR_INVALID_CA X509_V_ERR_SELF_SIGN
+ DEFAULT: ssl::certSelfSigned ssl_error X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+ ENDIF
+ DEFAULT: all src all
+-DEFAULT: manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/
++DEFAULT: manager url_regex -i ^cache_object:// +i ^[^:]+://[^/]+/squid-internal-mgr/
+ DEFAULT: localhost src 127.0.0.1/32 ::1
+ DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1/128 ::/128
+ DEFAULT_DOC: ACLs all, manager, localhost, and to_localhost are predefined.
diff --git a/squid.spec b/squid.spec
index 899eca77b33265e23969b6f64a9bce8f62797358..65166258f4f622687ed4f6afe36153d51e010d01 100644
--- a/squid.spec
+++ b/squid.spec
@@ -2,7 +2,7 @@
 
 Name:     squid
 Version:  4.9
-Release:  11
+Release:  12
 Summary:  The Squid proxy caching server
 Epoch:    7
 License:  GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
@@ -42,6 +42,7 @@ Patch21:backport-CVE-2021-31806-CVE-2021-31808.patch
 Patch22:backport-CVE-2021-33620.patch
 Patch23:backport-CVE-2021-28116.patch
 Patch24:backport-CVE-2021-46784.patch
+Patch25:backport-CVE-2022-41317.patch
 
 Buildroot: %{_tmppath}/squid-4.9-1-root-%(%{__id_u} -n)
 Requires: bash >= 2.0
@@ -227,6 +228,12 @@ fi
     chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
 
 %changelog
+* Sat Sep 24 2022 gaihuiying <eaglegai@163.com> - 7:4.9-12
+- Type:cves
+- ID:CVE-2022-41317
+- SUG:NA
+- DESC:fix CVE-2022-41317
+
 * Mon Jun 27 2022 gaihuiying <eaglegai@163.com> - 4.9-11
 - Type:cves
 - ID:CVE-2021-46784