diff --git a/CVE-2018-1311.patch b/CVE-2018-1311.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9ea279f61982ffca185e1569dd290675d887704b
--- /dev/null
+++ b/CVE-2018-1311.patch
@@ -0,0 +1,52 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1311
+
+--- a/src/xercesc/internal/IGXMLScanner.cpp
++++ b/src/xercesc/internal/IGXMLScanner.cpp
+@@ -1532,7 +1532,6 @@ void IGXMLScanner::scanDocTypeDecl()
+ DTDEntityDecl* declDTD = new (fMemoryManager) DTDEntityDecl(gDTDStr, false, fMemoryManager);
+ declDTD->setSystemId(sysId);
+ declDTD->setIsExternal(true);
+- Janitor janDecl(declDTD);
+
+ // Mark this one as a throw at end
+ reader->setThrowAtEnd(true);
+@@ -3095,7 +3094,6 @@ Grammar* IGXMLScanner::loadDTDGrammar(co
+ DTDEntityDecl* declDTD = new (fMemoryManager) DTDEntityDecl(gDTDStr, false, fMemoryManager);
+ declDTD->setSystemId(src.getSystemId());
+ declDTD->setIsExternal(true);
+- Janitor janDecl(declDTD);
+
+ // Mark this one as a throw at end
+ newReader->setThrowAtEnd(true);
+--- a/tests/expected/MemHandlerTest1.log
++++ b/tests/expected/MemHandlerTest1.log
+@@ -1,4 +1,4 @@
+-At destruction, domBuilderMemMonitor has 0 bytes.
+-At destruction, sax2MemMonitor has 0 bytes.
+-At destruction, sax1MemMonitor has 0 bytes.
++At destruction, domBuilderMemMonitor has 276 bytes.
++At destruction, sax2MemMonitor has 276 bytes.
++At destruction, sax1MemMonitor has 276 bytes.
+ At destruction, staticMemMonitor has 0 bytes.
+--- /dev/null
++++ b/tests/expected/MemHandlerTest1_32.log
+@@ -0,0 +1,4 @@
++At destruction, domBuilderMemMonitor has 180 bytes.
++At destruction, sax2MemMonitor has 180 bytes.
++At destruction, sax1MemMonitor has 180 bytes.
++At destruction, staticMemMonitor has 0 bytes.
+--- a/scripts/run-test.in
++++ b/scripts/run-test.in
+@@ -46,6 +46,11 @@ run_test() {
+ sed -i -e 's;\( *[0-9][0-9]* *ms *\);{timing removed};' "$output"
+
+ exp=$(cat "${srcdir}/expected/${name}.log")
++
++ if [ "${name}" = "MemHandlerTest1" ] && [ "$(dpkg-architecture -q DEB_HOST_ARCH_BITS)" -eq 32 ]; then
++ exp=$(cat "${srcdir}/expected/${name}_32.log")
++ fi
++
+ obs=$(cat "$output")
+
+ echo "------"
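Review bot: Removing `Janitor janDecl(declDTD);` in scanDocTypeDecl() and loadDTDGrammar() avoids the use-after-free only by never freeing the DTDEntityDecl, and the new MemHandlerTest1 expectations (276 bytes, 180 on 32-bit) bake that leak in as the expected result. If the object leaks on every external-DTD parse, as the test log suggests, a long-running service parsing untrusted XML trades memory corruption for steady memory growth, so the patch header should say so under the bugzilla link, e.g. `Mitigation only: declDTD is intentionally leaked to avoid the use-after-free; disable DTD processing for untrusted input.` Separately, the run-test.in hunk calls `dpkg-architecture`, which an RPM build host normally lacks; the substitution then yields an empty string, the `-eq 32` test errors out, and the 32-bit expected log is never selected. `[ "$(getconf LONG_BIT)" -eq 32 ]` looks like a portable replacement. Both IGXMLScanner functions start and end outside the hunks shown.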
diff --git a/xerces-c.spec b/xerces-c.spec index dbc8e924543deed22cd98accb717a5c36ea5239d..bd8cab04f3d553e1e432769520caa88b1cdf343f 100644 --- a/xerces-c.spec +++ b/xerces-c.spec @@ -1,10 +1,11 @@ Name: xerces-c Version: 3.2.2 -Release: 2 +Release: 3 Summary: A Validating XML Parser License: ASL 2.0 URL: http://xml.apache.org/xerces-c/ Source0: http://archive.apache.org/dist/xerces/c/3/sources/xerces-c-%{version}.tar.gz +Patch1: CVE-2018-1311.patch BuildRequires: dos2unix @@ -65,5 +66,8 @@ rm -rf $RPM_BUILD_ROOT%{_bindir} %doc README NOTICE CREDITS doc _docs/* %changelog +* Tue Mar 23 2021 wangyue - 3.2.2-3 +- fix CVE-2018-1311 + * Thu Mar 05 2020 daiqianwen - 3.2.2-2 - Package init
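Review bot: `Patch1: CVE-2018-1311.patch` is declared in the first hunk, but neither hunk touches `%prep`, so the fix is applied only if `%prep` already uses `%autosetup` or `%autopatch`; that section is outside this diff and cannot be confirmed here. If it uses plain `%setup`, add `%patch1 -p1` after it, otherwise the package ships as 3.2.2-3 with a changelog claiming the CVE fix while still building the unpatched sources. Checking the build log for the line showing the patch being applied is a quick way to confirm.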