diff --git a/0006-CVE-2023-44488-Fix-bug-with-smaller-width-bigger-size.patch b/0001-Fix-bug-with-smaller-width-bigger-size.patch
similarity index 100%
rename from 0006-CVE-2023-44488-Fix-bug-with-smaller-width-bigger-size.patch
rename to 0001-Fix-bug-with-smaller-width-bigger-size.patch
diff --git a/0005-CVE-2023-5217-VP8-disallow-thread-count-changes.patch b/0001-VP8-disallow-thread-count-changes.patch
similarity index 90%
rename from 0005-CVE-2023-5217-VP8-disallow-thread-count-changes.patch
rename to 0001-VP8-disallow-thread-count-changes.patch
index 01908e1fac08d547dc2f8b3e438b12cd62e2a8fb..a04a04d541209795d4bd2b7c9a546ad51adcec6b 100644
--- a/0005-CVE-2023-5217-VP8-disallow-thread-count-changes.patch
+++ b/0001-VP8-disallow-thread-count-changes.patch
@@ -1,4 +1,4 @@
-From 1b60c0d0f7a4176a0be5339ff8132db3e297f5e8 Mon Sep 17 00:00:00 2001
+From 3a03995efe86129cde5df3a7de32fecdfce3259e Mon Sep 17 00:00:00 2001
 From: James Zern
 Date: Mon, 25 Sep 2023 18:55:59 -0700
 Subject: [PATCH] VP8: disallow thread count changes
@@ -14,7 +14,7 @@ Change-Id: Ie301c2a70847dff2f0daae408fbef1e4d42e73d4
 1 file changed, 5 insertions(+)
 diff --git a/vp8/encoder/onyx_if.c b/vp8/encoder/onyx_if.c
-index 2243182..e0c2207 100644
+index 224318242..e0c22070c 100644
 --- a/vp8/encoder/onyx_if.c
 +++ b/vp8/encoder/onyx_if.c
 @@ -1449,6 +1449,11 @@ void vp8_change_config(VP8_COMP *cpi, VP8_CONFIG *oxcf) {
@@ -30,5 +30,5 @@ index 2243182..e0c2207 100644
 switch (cpi->oxcf.Mode) {
 --
-2.31.1
+2.41.0
diff --git a/0001-vpx_codec_enc_init_multi-fix-double-free-on-init-fai.patch b/0001-vpx_codec_enc_init_multi-fix-double-free-on-init-fai.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4a1e656e6d9d355993d147cc25ff44920aafbfdf
--- /dev/null
+++ b/0001-vpx_codec_enc_init_multi-fix-double-free-on-init-fai.patch
@@ -0,0 +1,63 @@
+From 0af0dc1997cc3f2e78f72616a665ed7b6353189c Mon Sep 17 00:00:00 2001
+From: James Zern
+Date: Wed, 30 Apr 2025 19:28:48 -0700
+Subject: [PATCH] vpx_codec_enc_init_multi: fix double free on init failure
+
+In `vp8e_init()`, the encoder would take ownership of
+`mr_cfg.mr_low_res_mode_info` even if `vp8_create_compressor()` failed.
+This caused confusion at the call site as other failures in
+`vp8e_init()` did not result in ownership transfer and the caller would
+free the memory. In the case of `vp8_create_compressor()` failure both
+the caller and `vpx_codec_destroy()` would free the memory, causing a
+crash. `mr_*` related variables are now cleared on failure to prevent
+this situation.
+
+Bug: webm:413411335
+Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1962421
+Change-Id: Ie951d42b9029a586bf9059b650bd8863db9f9ffc
+(cherry picked from commit 1c758781c428c0e895645b95b8ff1512b6bdcecb)
+---
+ vp8/vp8_cx_iface.c | 12 +++++++++++-
+ vpx/src/vpx_encoder.c | 3 +++
+ 2 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/vp8/vp8_cx_iface.c b/vp8/vp8_cx_iface.c
+index af6689fd9..ab74e360a 100644
+--- a/vp8/vp8_cx_iface.c
++++ b/vp8/vp8_cx_iface.c
+@@ -657,7 +657,17 @@ static vpx_codec_err_t vp8e_init(vpx_codec_ctx_t *ctx,
+ if (!res) {
+ set_vp8e_config(&priv->oxcf, priv->cfg, priv->vp8_cfg, mr_cfg);
+ priv->cpi = vp8_create_compressor(&priv->oxcf);
+- if (!priv->cpi) res = VPX_CODEC_MEM_ERROR;
++ if (!priv->cpi) {
++#if CONFIG_MULTI_RES_ENCODING
++ // Release ownership of mr_cfg->mr_low_res_mode_info on failure. This
++ // prevents ownership confusion with the caller and avoids a double
++ // free when vpx_codec_destroy() is called on this instance.
++ priv->oxcf.mr_total_resolutions = 0;
++ priv->oxcf.mr_encoder_id = 0;
++ priv->oxcf.mr_low_res_mode_info = NULL;
++#endif
++ res = VPX_CODEC_MEM_ERROR;
++ }
+ }
+ }
+
+diff --git a/vpx/src/vpx_encoder.c b/vpx/src/vpx_encoder.c
+index 1cf2dca69..4427efa2a 100644
+--- a/vpx/src/vpx_encoder.c
++++ b/vpx/src/vpx_encoder.c
+@@ -112,6 +112,9 @@ vpx_codec_err_t vpx_codec_enc_init_multi_ver(
+ ctx->priv = NULL;
+ ctx->init_flags = flags;
+ ctx->config.enc = cfg;
++ // ctx takes ownership of mr_cfg.mr_low_res_mode_info if and only if
++ // this call succeeds. The first ctx entry in the array is
++ // responsible for freeing the memory.
+ res = ctx->iface->init(ctx, &mr_cfg);
+ }
+
+--
+2.49.0
+
diff --git a/dist b/dist
new file mode 100644
index 0000000000000000000000000000000000000000..1fe92cf0fdf9c2625d878a2ace258f64c1e8ca44
--- /dev/null
+++ b/dist
@@ -0,0 +1 @@
+an8_10
diff --git a/download b/download
new file mode 100644
index 0000000000000000000000000000000000000000..0c171feadc2ca492af818a49640d391693d91b63
--- /dev/null
+++ b/download
@@ -0,0 +1 @@
+193346f9aec0726145e51db732417cd2 v1.7.0.tar.gz
diff --git a/libvpx.spec b/libvpx.spec
index 15dd594f7c11a6b4120c2b6c82aced2a54e4be2b..e0b63b9b381459b851784d1f642d840186d5a055 100644
--- a/libvpx.spec
+++ b/libvpx.spec
@@ -7,7 +7,7 @@ Name: libvpx
 Summary: VP8/VP9 Video Codec SDK
 Version: 1.7.0
-Release: 11%{anolis_release}%{?dist}
+Release: 12%{anolis_release}%{?dist}
 License: BSD
 Group: System Environment/Libraries
 #Source0: http://downloads.webmproject.org/releases/webm/%{name}-%{version}.tar.bz2
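Review bot: The new failure branch in `vp8e_init()` only stops the encoder side from freeing `mr_low_res_mode_info`; whether the buffer is then freed exactly once depends on the error path of `vpx_codec_enc_init_multi_ver()`, which this backport touches only with a comment and whose cleanup code lies outside the hunk. The patch is dated 2025 and is applied here to the 1.7.0 sources, so it is worth confirming that the 1.7.0 caller really frees the buffer when `init` fails; if it does not, clearing the pointer trades the double free for a leak. The reset is also compiled only under `#if CONFIG_MULTI_RES_ENCODING`, so the configure options in `%build` (not shown) decide whether this path exists in the shipped library. Once checked, I would record it in the patch header, for example `Backport note: failure cleanup verified against 1.7.0 vpx_codec_enc_init_multi_ver()`.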
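Review bot: The `download` entry pins `v1.7.0.tar.gz` with a 32-hex-digit digest, which is the length of an MD5 hash, and because the tarball itself is deleted from the repository in this same commit, that digest becomes the only integrity check on the upstream source. MD5 is not collision-resistant, so it should not be the sole control on what gets built. If the lookaside tooling accepts a stronger digest, I would record one instead, along the lines of `<sha512-of-v1.7.0.tar.gz> v1.7.0.tar.gz` (placeholder value; the exact file format has to be confirmed against the tooling).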
@@ -26,14 +26,13 @@ Patch1: 0001-CVE-2019-9232-Fix-OOB-memory-access-on-fuzzed-data.patch
 Patch2: 0002-CVE-2019-9433-VP8-Fix-use-after-free-in-postproc.patch
 Patch3: 0003-CVE-2019-9371-update-libwebm.patch
 Patch4: 0004-CVE-2019-2126-update-libwebm-to-libwebm-1.0.0.27-361.patch
-Patch5: 0005-CVE-2023-5217-VP8-disallow-thread-count-changes.patch
-Patch6: 0006-CVE-2023-44488-Fix-bug-with-smaller-width-bigger-size.patch
-
-# Upstream CVE-2024-5197:https://chromium.googlesource.com/webm/libvpx/+/74c70af01667733483dc69298b8921779f5f6ff3
+Patch5: 0001-Fix-bug-with-smaller-width-bigger-size.patch
+Patch6: 0001-VP8-disallow-thread-count-changes.patch
 Patch7: 0001-Fix-integer-overflows-in-calc-of-stride_in_bytes.patch
 Patch8: 0002-Apply-stride_align-to-byte-count-not-pixel-count.patch
 Patch9: 0003-Fix-a-bug-in-alloc_size-for-high-bit-depths.patch
 Patch10: include-limits.patch
+Patch11: 0001-vpx_codec_enc_init_multi-fix-double-free-on-init-fai.patch
 %description
 libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications
@@ -79,6 +78,7 @@ Doc pages for %{name}.
 %patch8 -p1 -b .0008
 %patch9 -p1 -b .0009
 %patch10 -p1 -b .0010
+%patch11 -p1 -b .0011
 %build
 %ifarch %{ix86}
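Review bot: Renaming Patch5/Patch6 and deleting the `# Upstream CVE-2024-5197:` comment removes every CVE identifier for these fixes from the Patch list, and the `%changelog` hunk at `@@ -270,18 +270,25 @@` likewise drops the `Fix CVE-2023-6349` and `Fix CVE-2024-5197` entries although Patch7–Patch9, which the removed comment apparently described, stay applied. Auditors and scanners that read `rpm -q --changelog` or the patch file names to decide whether a CVE is fixed would then see those two as unaddressed. I would keep the mapping as comments, e.g. `# CVE-2023-44488` above Patch5, `# CVE-2023-5217` above Patch6 and the original `# Upstream CVE-2024-5197:` line above Patch7, and name the CVEs in the 1.7.0-11 changelog entry. Patch5 and Patch6 also swap contents relative to the old numbering; the `%patch5`/`%patch6` lines are outside the hunks shown, so confirm both still apply cleanly in the new order.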
@@ -270,18 +270,25 @@ rm -rf %{buildroot}%{_prefix}/src
 %doc AUTHORS CHANGELOG README
 %changelog
-* Wed Sep 18 2024 Kai Song - -1.7.0-11.0.1
-- Fix CVE-2023-6349
-- Fix CVE-2024-5197
+* Mon Jun 23 2025 Xiaoping Liu - 1.7.0-12.0.1
+- Add doc sub package
-* Thu Oct 12 2023 Bo Liu -1.7.0-10.0.1
-- Fix bug with smaller width bigger size (CVE-2023-44488)
+* Tue Jun 03 2025 Wim Taymans - 1.7.0-12
+- Add patch for double free
+ Resolves: RHEL-93914
-* Wed Oct 11 2023 Kaiqiang Wang - 1.7.0-9.0.1
-- VP8: disallow thread count changes (CVE-2023-5217)
+* Fri Jul 5 2024 Wim Taymans - 1.7.0-11
+- Add patch to fix integer overflows.
+- Fix compilation by including limits.h
+- Resolves: RHEL-40650
-* Wed Jul 20 2022 Xiaoping Liu - 1.7.0-8.0.1
-- Add doc sub package
+* Thu Oct 5 2023 Wim Taymans - 1.7.0-10
+- Add patch for CVE-2023-5217
+- Resolves: RHEL-10612
+
+* Tue Oct 3 2023 Wim Taymans - 1.7.0-9
+- Add patch for CVE-2023-44488
+- Resolves: RHEL-11615
 * Wed Apr 1 2020 Wim Taymans - 1.7.0-8
 - Resolves: rhbz#1796086, rhbz#1796100, rhbz#1796448, rhbz#1796454
diff --git a/v1.7.0.tar.gz b/v1.7.0.tar.gz
deleted file mode 100644
index 5147d664a6543a9e59542fb6c47584a3c09c671e..0000000000000000000000000000000000000000
Binary files a/v1.7.0.tar.gz and /dev/null differ