diff --git a/git-2.47.1.tar.xz b/git-2.47.3.tar.xz
similarity index 50%
rename from git-2.47.1.tar.xz
rename to git-2.47.3.tar.xz
index 20c12a0e78f4c6aea14f81ec942963571d787197..daae39f146893e502033987a69bc1133ae6d39fc 100644
Binary files a/git-2.47.1.tar.xz and b/git-2.47.3.tar.xz differ
diff --git a/git.spec b/git.spec
index 3a9a631fa4d7e0da4705dfd5df3918997aebce27..1357cd8bd7a9365bf895ad3ffe26018b2b54be16 100644
--- a/git.spec
+++ b/git.spec
@@ -1,4 +1,4 @@
-%define anolis_release 4
+%define anolis_release 1
 
 %bcond_without      docs
 %bcond_with         linkcheck
@@ -42,10 +42,8 @@ Patch1:         0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch
 Patch2:         0002-t-lib-git-daemon-try-harder-to-find-a-port.patch
 Patch3:         0003-t-lib-git-svn-try-harder-to-find-a-port.patch
 Patch4:         git-test-apache-davlockdbtype-config.patch
-#Upstream       https://github.com/git/git/commit/9de345cb273cc7faaeda279c7e07149d8a15a319
-Patch5:         0005-bug-fix-CVE-2025-48386-avoid-buffer-overflow-in-wcsncat.patch
 # https://github.com/gitgitgadget/git/pull/1853
-Patch6:         0004-backport-CVE-2024-52005.patch
+Patch5:         0004-backport-CVE-2024-52005.patch
 
 %if %{with docs}
 BuildRequires:  /usr/bin/pod2man
@@ -699,6 +697,9 @@ rmdir --ignore-fail-on-non-empty "$testdir"
 
 
 %changelog
+* Fri Jul 11 2025 Yangcheng <yc02267530@alibaba-inc.com> - 2.47.3-1
+- update to 2.47.3 to fix CVE-2025-48384 CVE-2025-48385 CVE-2025-48386
+
 * Thu Jul 10 2025 wenxin <wenxin@alibaba-inc.com> - 2.47.1-4
 - Add patch to fix CVE-2024-52005