diff --git a/CVE-2020-14928.patch b/CVE-2020-14928.patch
new file mode 100644
index 0000000000000000000000000000000000000000..36027e4f2d83e50713318e54c239b08dc5b9023f
--- /dev/null
+++ b/CVE-2020-14928.patch
@@ -0,0 +1,91 @@
+diff -Naru evolution-data-server-3.30.1/src/camel/camel-stream-buffer.c evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.c
+--- evolution-data-server-3.30.1/src/camel/camel-stream-buffer.c	2018-09-24 14:42:33.000000000 +0800
++++ evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.c	2022-07-13 19:27:13.796475000 +0800
+@@ -524,3 +524,22 @@
+ 
+ 	return g_strdup ((gchar *) sbf->priv->linebuf);
+ }
++
++/**
++ * camel_stream_buffer_discard_cache:
++ * @sbf: a #CamelStreamBuffer
++ *
++ * Discards any cached data in the @sbf. The next read reads
++ * from the stream.
++ *
++ * Since: 3.38
++ **/
++void
++camel_stream_buffer_discard_cache (CamelStreamBuffer *sbf)
++{
++	g_return_if_fail (CAMEL_IS_STREAM_BUFFER (sbf));
++
++	sbf->priv->ptr = sbf->priv->buf;
++	sbf->priv->end = sbf->priv->buf;
++	sbf->priv->ptr[0] = '\0';
++}
+\ No newline at end of file
+diff -Naru evolution-data-server-3.30.1/src/camel/camel-stream-buffer.h evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.h
+--- evolution-data-server-3.30.1/src/camel/camel-stream-buffer.h	2018-09-24 14:42:33.000000000 +0800
++++ evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.h	2022-07-13 19:27:11.436475000 +0800
+@@ -93,6 +93,8 @@
+ gchar *		camel_stream_buffer_read_line	(CamelStreamBuffer *sbf,
+ 						 GCancellable *cancellable,
+ 						 GError **error);
++void		camel_stream_buffer_discard_cache
++						(CamelStreamBuffer *sbf);
+ 
+ G_END_DECLS
+ 
+diff -Naru evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-store.c evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-store.c
+--- evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-store.c	2018-09-24 14:42:33.000000000 +0800
++++ evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-store.c	2022-07-13 19:29:24.216618000 +0800
+@@ -208,6 +208,8 @@
+ 
+ 	if (tls_stream != NULL) {
+ 		camel_stream_set_base_stream (stream, tls_stream);
++		/* Truncate any left cached input from the insecure part of the session */
++		camel_pop3_stream_discard_cache (pop3_engine->stream);
+ 		g_object_unref (tls_stream);
+ 	} else {
+ 		g_prefix_error (
+diff -Naru evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.c evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.c
+--- evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.c	2018-09-24 14:42:33.000000000 +0800
++++ evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.c	2022-07-13 19:29:23.036618000 +0800
+@@ -457,3 +457,13 @@
+ 
+ 	return 1;
+ }
++void
++camel_pop3_stream_discard_cache (CamelPOP3Stream *is)
++{
++	if (is) {
++		is->ptr = is->end = is->buf;
++		is->lineptr = is->linebuf;
++		is->lineend = is->linebuf + CAMEL_POP3_STREAM_LINE_SIZE;
++		is->ptr[0] = '\n';
++	}
++}
+diff -Naru evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.h evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.h
+--- evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.h	2018-09-24 14:42:33.000000000 +0800
++++ evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.h	2022-07-13 19:29:57.168129000 +0800
+@@ -87,6 +87,7 @@
+ 						 guint *len,
+ 						 GCancellable *cancellable,
+ 						 GError **error);
++void		camel_pop3_stream_discard_cache	(CamelPOP3Stream *is);
+ 
+ G_END_DECLS
+ 
+diff -Naru evolution-data-server-3.30.1/src/camel/providers/smtp/camel-smtp-transport.c evolution-data-server-3.30.1-new/src/camel/providers/smtp/camel-smtp-transport.c
+--- evolution-data-server-3.30.1/src/camel/providers/smtp/camel-smtp-transport.c	2018-09-24 14:42:33.000000000 +0800
++++ evolution-data-server-3.30.1-new/src/camel/providers/smtp/camel-smtp-transport.c	2022-07-13 19:30:27.920458000 +0800
+@@ -319,6 +319,8 @@
+ 
+ 	if (tls_stream != NULL) {
+ 		camel_stream_set_base_stream (stream, tls_stream);
++		/* Truncate any left cached input from the insecure part of the session */
++		camel_stream_buffer_discard_cache (transport->istream);
+ 		g_object_unref (tls_stream);
+ 	} else {
+ 		g_prefix_error (
diff --git a/evolution-data-server.spec b/evolution-data-server.spec
index 91545a25a47b77fb8e6a7c4917d034967debbd4b..4d56c9d84511fd8b0696f00611f0f1fecff00a37 100644
--- a/evolution-data-server.spec
+++ b/evolution-data-server.spec
@@ -2,7 +2,7 @@
 
 Name:           evolution-data-server
 Version:        3.30.1
-Release:        4
+Release:        5
 Summary:        Backend data server for Evolution
 License:        LGPLv2+
 URL:            https://wiki.gnome.org/Apps/Evolution
@@ -10,6 +10,7 @@ Source:         http://download.gnome.org/sources/%{name}/3.30/%{name}-%{version
 
 #https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5.patch
 Patch0:         CVE-2020-16117.patch
+Patch1:         CVE-2020-14928.patch
 
 Provides:       evolution-webcal = %{version}
 Obsoletes:      evolution-webcal < 2.24.0 compat-evolution-data-server310-libcamel < 3.12
@@ -165,6 +166,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
 %{_libexecdir}/evolution-data-server/csv2vcard
 
 %changelog
+* Thu Jul 14 2022 weichao.zhang <weichao.zhang@epro.com.cn> - 3.30.1-5
+- Fix CVE-2020-14928
+
 * Fri Apr 22 2022 yaoxin <yaoxin30@h-partners.com> - 3.30.1-4
 - Fix CVE-2020-16117