diff --git a/backport-0002-CVE-2022-48337.patch b/backport-0002-CVE-2022-48337.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5c3f2fbb6c5121c4e241892cc6f2d49afa689b1d
--- /dev/null
+++ b/backport-0002-CVE-2022-48337.patch
@@ -0,0 +1,25 @@
+From c6ece14812f32a7f9f0d69497c886d178730a75f Mon Sep 17 00:00:00 2001
+From: Super User
+Date: Mon, 25 Sep 2023 14:14:02 +0800
+Subject: [PATCH] backport 0002 CVE-2022-48337
+
+---
+ lib-src/etags.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib-src/etags.c b/lib-src/etags.c
+index a6bd7f6..ea80ba6 100644
+--- a/lib-src/etags.c
++++ b/lib-src/etags.c
+@@ -1714,6 +1714,8 @@ process_file_name (char *file, language *lang)
+ int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1;
+ char *cmd = xmalloc (buf_len);
+ snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name);
++ free (new_real_name);
++ free (new_tmp_name);
+ #endif
+ inf = (system (cmd) == -1
+ ? NULL
+--
+2.41.0
+
diff --git a/emacs.spec b/emacs.spec
index c842cda85891d48f2b2c2aeb2a42e44111226c1a..b94db2fc9d34dbb5686dc4aff5d817d158e146fa 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -8,7 +8,7 @@
 Name: emacs
 Epoch: 1
 Version: 28.2
-Release: 4
+Release: 5
 Summary: An extensible GNU text editor
 License: GPLv3+ and CC0-1.0
 URL: http://www.gnu.org/software/emacs
@@ -31,10 +31,11 @@ Patch6003: backport-CVE-2022-45939.patch
 Patch6004: backport-CVE-2022-48337.patch
 Patch6005: backport-CVE-2022-48338.patch
 Patch6006: backport-CVE-2022-48339.patch
-Patch6007: backport-CVE-2023-27985.patch
-Patch6008: backport-CVE-2023-27986.patch
+Patch6007: backport-CVE-2023-27985.patch
+Patch6008: backport-CVE-2023-27986.patch
 Patch6009: backport-0001-CVE-2023-28617.patch
 Patch6010: backport-0002-CVE-2023-28617.patch
+Patch6011: backport-0002-CVE-2022-48337.patch
 Patch9000: emacs-deal-taboo-words.patch
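Review bot: In backport-0002-CVE-2022-48337.patch, the `buf_len` line carried as context in the etags.c hunk is one byte short for the format string used two lines below it. `"%s %s > %s"` emits four literal characters (a space, then ` > `), but only `strlen (" > ")` plus the terminator is counted, so `snprintf` drops the last character of `new_tmp_name` before `cmd` is passed to `system`. If those names are quoted or escaped forms (their construction is outside the hunk), the shell would receive a string that differs from the one that was built, which undercuts the fix this backport completes. I would count the extra separator, `int buf_len = strlen (compr->command) + 1 + strlen (new_real_name) + strlen (" > ") + strlen (new_tmp_name) + 1;`, and refuse to run `cmd` when `snprintf` returns a value `>= buf_len`. The patch header also names no upstream origin, so a reference line such as `Reference: <upstream commit URL>` would make the backport auditable; `process_file_name` starts and ends outside the hunk.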
@@ -419,6 +420,9 @@ fi
 %{_mandir}/*/*
 %changelog
+* Mon Sep 25 2023 leeffo - 1:28.2-5
+- fix CVE-2022-48337
+
 * Fri Mar 24 2023 zhangpan - 1:28.2-4
 - fix CVE-2023-28617