diff --git a/CVE-2022-33068-sbix-Limit-glyph-extents.patch b/CVE-2022-33068-sbix-Limit-glyph-extents.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c229a3c8a674d9444c0e4c249f13d1489bc2fb24
--- /dev/null
+++ b/CVE-2022-33068-sbix-Limit-glyph-extents.patch
@@ -0,0 +1,30 @@
+From 62e803b36173fd096d7ad460dd1d1db9be542593 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Wed, 1 Jun 2022 07:38:21 -0600
+Subject: [PATCH 001/363] [sbix] Limit glyph extents
+
+Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
+---
+ src/hb-ot-color-sbix-table.hh       |   6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh
+index 9741ebd45..6efae43cd 100644
+--- a/src/hb-ot-color-sbix-table.hh
++++ b/src/hb-ot-color-sbix-table.hh
+@@ -298,6 +298,12 @@ struct sbix
+ 
+       const PNGHeader &png = *blob->as<PNGHeader>();
+ 
++      if ((png.IHDR.height >= 65536) | (png.IHDR.width >= 65536))
++      {
++	hb_blob_destroy (blob);
++	return false;
++      }
++
+       extents->x_bearing = x_offset;
+       extents->y_bearing = png.IHDR.height + y_offset;
+       extents->width     = png.IHDR.width;
+-- 
+2.36.1
+
diff --git a/dist b/dist
new file mode 100644
index 0000000000000000000000000000000000000000..89c1faffc18349bb12eee2371e9dc43bf419b95c
--- /dev/null
+++ b/dist
@@ -0,0 +1 @@
+an9
diff --git a/download b/download
new file mode 100644
index 0000000000000000000000000000000000000000..9eb79957ca2db5c790d23da3c9410601e09adf30
--- /dev/null
+++ b/download
@@ -0,0 +1 @@
+6d8393e6fb84edfb15997d1c5ba35b1b  harfbuzz-2.7.4.tar.xz
diff --git a/harfbuzz-2.7.4.tar.xz b/harfbuzz-2.7.4.tar.xz
deleted file mode 100644
index a221feea81759c3ef77cfab3642f8113681a64ba..0000000000000000000000000000000000000000
Binary files a/harfbuzz-2.7.4.tar.xz and /dev/null differ
diff --git a/harfbuzz.spec b/harfbuzz.spec
index 56c59e70a65a4db500c1b534afe6162c6ca2645d..cec4775a57d64531b82ba349f6493183526474d9 100644
--- a/harfbuzz.spec
+++ b/harfbuzz.spec
@@ -1,13 +1,16 @@
 %define anolis_release .0.1
 Name:           harfbuzz
 Version:        2.7.4
-Release:        5%{anolis_release}%{?dist}
+Release:        8%{anolis_release}%{?dist}
 Summary:        Text shaping library
 
 License:        MIT
 URL:            https://harfbuzz.github.io/
 Source0:        https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/harfbuzz-%{version}.tar.xz
 
+# Upstream patch https://github.com/harfbuzz/harfbuzz/issues/3557
+Patch0:         CVE-2022-33068-sbix-Limit-glyph-extents.patch
+
 BuildRequires:  cairo-devel
 BuildRequires:  freetype-devel
 BuildRequires:  glib2-devel
@@ -99,9 +102,22 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 %doc NEWS AUTHORS README
 
 %changelog
-* Tue Nov 29 2022 Chang Gao <gc-taifu@linux.alibaba.com> -  2.7.4-5.0.1
+* Mon May 15 2023 Chang Gao <gc-taifu@linux.alibaba.com> -  2.7.4-8.0.1
 - Add doc subpack
 
+* Mon Jul 18 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-8
+- Resolves:rh#2103849
+- Update tests.yaml
+
+* Mon Jul 18 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-7
+- Resolves:rh#2103849 CVE-2022-33068
+- Fix Covscan compiler warning for inclusion of parenthesis
+- Update tests.yaml
+
+* Fri Jul 15 2022 Parag Nemade <pnemade AT redhat DOT com> - 2.7.4-6
+- Resolves:rh#2103849 CVE-2022-33068
+  harfbuzz: integer overflow in the component hb-ot-shape-fallback.c
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.7.4-5
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688