diff --git a/0010-bugfix-for-CVE-2025-32911-CVE-2025-32913.patch b/0010-bugfix-for-CVE-2025-32911-CVE-2025-32913.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6f029d0cd6df7ff977b742561790d59555430a14
--- /dev/null
+++ b/0010-bugfix-for-CVE-2025-32911-CVE-2025-32913.patch
@@ -0,0 +1,110 @@
+From f2d316341c00a343d0b46edd590efa8c102521c3 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis
+Date: Fri, 27 Dec 2024 17:53:50 -0600
+Subject: [PATCH 1/2] soup_message_headers_get_content_disposition: Fix NULL
+ deref
+
+---
+ libsoup/soup-message-headers.c | 13 +++++++++----
+ tests/header-parsing-test.c | 13 +++++++++++++
+ 2 files changed, 22 insertions(+), 4 deletions(-)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 5c8c7cb9..ccf31233 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1443,10 +1443,15 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders *hdrs,
+ */
+ if (params && g_hash_table_lookup_extended (*params, "filename",
+ &orig_key, &orig_value)) {
+- char *filename = strrchr (orig_value, '/');
+-
+- if (filename)
+- g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++ if (orig_value) {
++ char *filename = strrchr (orig_value, '/');
++
++ if (filename)
++ g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++ } else {
++ /* filename with no value isn't valid. */
++ g_hash_table_remove (*params, "filename");
++ }
+ }
+ return TRUE;
+ }
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 31edfd02..9b2d00aa 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -1034,6 +1034,7 @@ do_param_list_tests (void)
+ #define RFC5987_TEST_HEADER_FALLBACK "attachment; filename*=Unknown''t%FF%FF%FFst.txt; filename=\"test.txt\""
+ #define RFC5987_TEST_HEADER_NO_TYPE "filename=\"test.txt\""
+ #define RFC5987_TEST_HEADER_NO_TYPE_2 "filename=\"test.txt\"; foo=bar"
++#define RFC5987_TEST_HEADER_EMPTY_FILENAME ";filename"
+
+ static void
+ do_content_disposition_tests (void)
+@@ -1135,6 +1136,18 @@ do_content_disposition_tests (void)
+ g_assert_cmpstr (parameter2, ==, "bar");
+ g_hash_table_destroy (params);
+
++ /* Empty filename */
++ soup_message_headers_clear (hdrs);
++ soup_message_headers_append (hdrs, "Content-Disposition",
++ RFC5987_TEST_HEADER_EMPTY_FILENAME);
++ if (!soup_message_headers_get_content_disposition (hdrs,
++ &disposition,
++ ¶ms)) {
++ soup_test_assert (FALSE, "empty filename decoding FAILED");
++ return;
++ }
++ g_assert_false (g_hash_table_contains (params, "filename"));
++ g_hash_table_destroy (params);
+ soup_message_headers_free (hdrs);
+
+ /* Ensure that soup-multipart always quotes filename */
+--
+2.49.0
+
+
+From dd3a245941f117832dd1fdda4f8bc68b44e2810d Mon Sep 17 00:00:00 2001
+From: Patrick Griffis
+Date: Fri, 27 Dec 2024 18:00:39 -0600
+Subject: [PATCH 2/2] soup_message_headers_get_content_disposition: strdup
+ truncated filenames
+
+This table frees the strings it contains.
+---
+ libsoup/soup-message-headers.c | 2 +-
+ tests/header-parsing-test.c | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index ccf31233..64847e30 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1447,7 +1447,7 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders *hdrs,
+ char *filename = strrchr (orig_value, '/');
+
+ if (filename)
+- g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
++ g_hash_table_insert (*params, g_strdup (orig_key), g_strdup (filename + 1));
+ } else {
+ /* filename with no value isn't valid. */
+ g_hash_table_remove (*params, "filename");
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 9b2d00aa..24a8c3d5 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -1112,6 +1112,7 @@ do_content_disposition_tests (void)
+ soup_test_assert (FALSE, "empty filename decoding FAILED");
+ return;
+ }
++ g_free (disposition);
+ g_assert_false (g_hash_table_contains (params, "filename"));
+ g_hash_table_destroy (params);
+ soup_message_headers_free (hdrs);
+--
+2.49.0
+
diff --git a/libsoup.spec b/libsoup.spec
index 99d0d0e9207a47f9bf14296f6b507961f4c8d99b..aee634414dab54a3b63f204058d7e0dc9a962c07 100644
--- a/libsoup.spec
+++ b/libsoup.spec
@@ -1,4 +1,4 @@
-%define anolis_release 9
+%define anolis_release 10
 %define glib2_version 2.58
 %{!?with_docs: %global with_docs 1}
@@ -21,6 +21,7 @@ Patch6: 0006-bugfix-for-CVE-2025-32912.patch
 Patch7: 0007-bugfix-for-CVE-2025-32912.patch
 Patch8: 0008-bugfix-for-CVE-2025-32050.patch
 Patch9: 0009-bugfix-for-CVE-2025-32053.patch
+Patch10: 0010-bugfix-for-CVE-2025-32911-CVE-2025-32913.patch
 BuildRequires: gettext
 BuildRequires: glib-networking
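Review bot: Neither test hunk in the added 0010 patch file exercises the branch that PATCH 2/2 changes: the only new case is `RFC5987_TEST_HEADER_EMPTY_FILENAME` (`";filename"`), which reaches `g_hash_table_remove`, not the `g_strdup (filename + 1)` insert in soup_message_headers_get_content_disposition. Unless a case elsewhere in tests/header-parsing-test.c already covers it (not visible in these hunks), a filename value containing `/` should be added to do_content_disposition_tests, asserting that the stored parameter is the last path component and then destroying the table, so that a run under ASan or valgrind catches any regression to storing an interior pointer in a table that frees its values. The sketch below uses a constructed header value and belongs before the existing `soup_message_headers_free (hdrs);`; do_content_disposition_tests starts and ends outside the hunks. Separately, a value that ends in `/` still leaves an empty-string filename in the table while a valueless one is removed, so callers presumably need to treat both as absent.

```c
	/* Filename with a path component: only the last component is kept and
	 * the table owns the stored copy (constructed sample header value). */
	soup_message_headers_clear (hdrs);
	soup_message_headers_append (hdrs, "Content-Disposition",
				     "attachment; filename=\"dir/test.txt\"");
	if (!soup_message_headers_get_content_disposition (hdrs,
							   &disposition,
							   &params)) {
		soup_test_assert (FALSE, "path filename decoding FAILED");
		return;
	}
	g_free (disposition);
	g_assert_cmpstr (g_hash_table_lookup (params, "filename"), ==, "test.txt");
	g_hash_table_destroy (params);
	/* … unchanged: soup_message_headers_free (hdrs); … */
```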
@@ -130,6 +131,9 @@ This package contains developer documentation for %{name}.
 %endif
 %changelog
+* Tue Jun 10 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-10
+- fix CVE-2025-32911 CVE-2025-32913
+
 * Mon Jun 09 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.74.3-9
 - fix CVE-2025-32053