diff --git a/0124-CVE-2024-34155-track-depth-in-nested-element-lists.patch b/0124-CVE-2024-34155-track-depth-in-nested-element-lists.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a1a761f8455d4242a5a9135e019073fafa8018dd
--- /dev/null
+++ b/0124-CVE-2024-34155-track-depth-in-nested-element-lists.patch
@@ -0,0 +1,60 @@
+commit b232596139dbe96a62edbe3a2a203e856bf556eb
+Author: Roland Shoemaker <bracewell@google.com>
+Date:   Mon Jun 10 15:34:12 2024 -0700
+
+    [release-branch.go1.22] go/parser: track depth in nested element lists
+    
+    Prevents stack exhaustion with extremely deeply nested literal values,
+    i.e. field values in structs.
+    
+    Updates #69138
+    Fixes #69142
+    Fixes CVE-2024-34155
+    
+    Change-Id: I2e8e33b44105cc169d7ed1ae83fb56df0c10f1ee
+    Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1520
+    Reviewed-by: Robert Griesemer <gri@google.com>
+    Reviewed-by: Damien Neil <dneil@google.com>
+    Reviewed-by: Russ Cox <rsc@google.com>
+    (cherry picked from commit eb1b038c0d01761694e7a735ef87ac9164c6568e)
+    Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1561
+    Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
+    Reviewed-on: https://go-review.googlesource.com/c/go/+/611181
+    Reviewed-by: Michael Pratt <mpratt@google.com>
+    TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
+    Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
+    Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+
+diff --git a/src/go/parser/parser.go b/src/go/parser/parser.go
+index 17808b366f..f268dea1a6 100644
+--- a/src/go/parser/parser.go
++++ b/src/go/parser/parser.go
+@@ -1676,6 +1676,8 @@ func (p *parser) parseElementList() (list []ast.Expr) {
+ }
+ 
+ func (p *parser) parseLiteralValue(typ ast.Expr) ast.Expr {
++	defer decNestLev(incNestLev(p))
++
+ 	if p.trace {
+ 		defer un(trace(p, "LiteralValue"))
+ 	}
+diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go
+index 43b3416b27..c6dca66760 100644
+--- a/src/go/parser/parser_test.go
++++ b/src/go/parser/parser_test.go
+@@ -598,10 +598,11 @@ var parseDepthTests = []struct {
+ 	{name: "chan2", format: "package main; var x «<-chan »int"},
+ 	{name: "interface", format: "package main; var x «interface { M() «int» }»", scope: true, scopeMultiplier: 2}, // Scopes: InterfaceType, FuncType
+ 	{name: "map", format: "package main; var x «map[int]»int"},
+-	{name: "slicelit", format: "package main; var x = «[]any{«»}»", parseMultiplier: 2},             // Parser nodes: UnaryExpr, CompositeLit
+-	{name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 2},         // Parser nodes: UnaryExpr, CompositeLit
+-	{name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit
+-	{name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 2},    // Parser nodes: CompositeLit, KeyValueExpr
++	{name: "slicelit", format: "package main; var x = []any{«[]any{«»}»}", parseMultiplier: 3},      // Parser nodes: UnaryExpr, CompositeLit
++	{name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 3},         // Parser nodes: UnaryExpr, CompositeLit
++	{name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit
++	{name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 3},    // Parser nodes: CompositeLit, KeyValueExpr
++	{name: "element", format: "package main; var x = struct{x any}{x: «{«»}»}"},
+ 	{name: "dot", format: "package main; var x = «x.»x"},
+ 	{name: "index", format: "package main; var x = x«[1]»"},
+ 	{name: "slice", format: "package main; var x = x«[1:2]»"},
diff --git a/golang.spec b/golang.spec
index bf818b8ade9da2f5c839263a3afbb4aa73cf2eee..2c88e746205206c08982ef6256a7ead04ccb786f 100644
--- a/golang.spec
+++ b/golang.spec
@@ -58,7 +58,7 @@
 
 Name:           golang
 Version:        1.15.7
-Release:        46
+Release:        47
 Summary:        The Go Programming Language
 License:        BSD and Public Domain
 URL:            https://golang.org/
@@ -265,6 +265,8 @@ Patch6120:	0120-Backport-net-http-update-bundled-golang.org-x-net-ht.patch
 Patch6121:	0121-Backport-cmd-go-disallow-lto_library-in-LDFLAGS.patch
 Patch6122:	0122-Backport-archive-zip-treat-truncated-EOCDR-comment-a.patch
 Patch6123:	0123-Backport-net-http-send-body-or-close-connection-on-e.patch
+Patch6124:  0124-CVE-2024-34155-track-depth-in-nested-element-lists.patch
+
 
 Patch9001:  0001-drop-hard-code-cert.patch
 Patch9002:  0002-fix-patch-cmd-go-internal-modfetch-do-not-sho.patch
@@ -504,6 +506,12 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 
 %changelog
+* Fri Sep 13 2024 Yu Peng <yupeng@kylinos.cn> - 1.15.7-47
+- Type:CVE
+- CVE:CVE-2024-34155
+- SUG:NA
+- DESC:fix CVE-2024-34155
+
 * Tue Aug 13 2024 hanchao <hanchao63@huawei.com> - 1.15.7-46
 - Type:CVE
 - CVE:CVE-2024-24791