diff --git a/0068-Backport-go-parser-track-depth-in-nested-element-lis.patch b/0068-Backport-go-parser-track-depth-in-nested-element-lis.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f9fe8abd9fdc6a3cbbe9604912e006c7f01876a6
--- /dev/null
+++ b/0068-Backport-go-parser-track-depth-in-nested-element-lis.patch
@@ -0,0 +1,71 @@
+From e7581d44ab3029f863b732f624ba44b1495a2936 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker
+Date: Mon, 10 Jun 2024 15:34:12 -0700
+Subject: [PATCH] [Backport] go/parser: track depth in nested element lists
+
+CVE: CVE-2024-34155
+Reference: https://go-review.googlesource.com/c/go/+/611238
+
+Prevents stack exhaustion with extremely deeply nested literal values,
+i.e. field values in structs.
+
+Note: The upstream does not submit this change to go1.17 according to the rules of MinorReleases.
+Corego3.x are based on go1.17.8. Therefore, it need to submit the change to corego3.x.
+
+Edited-by: qinlonglong q00508429
+
+Fixes #69138
+Fixes CVE-2024-34155
+
+Change-Id: I2e8e33b44105cc169d7ed1ae83fb56df0c10f1ee
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1520
+Reviewed-by: Robert Griesemer gri@google.com
+Reviewed-by: Damien Neil dneil@google.com
+Reviewed-by: Russ Cox rsc@google.com
+Reviewed-on: https://go-review.googlesource.com/c/go/+/611238
+LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
+Reviewed-by: Roland Shoemaker roland@golang.org
+Reviewed-by: Dmitri Shuralyov dmitshur@google.com
+Auto-Submit: Dmitri Shuralyov dmitshur@golang.org
+Signed-off-by: QinLongLong qinlonglong@huawei.com
+---
+ src/go/parser/parser.go | 2 ++
+ src/go/parser/parser_test.go | 9 +++++----
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/go/parser/parser.go b/src/go/parser/parser.go
+index 2c42b9f8cc..a728d9a68a 100644
+--- a/src/go/parser/parser.go
++++ b/src/go/parser/parser.go
+@@ -1481,6 +1481,8 @@ func (p *parser) parseElementList() (list []ast.Expr) {
+ }
+
+ func (p *parser) parseLiteralValue(typ ast.Expr) ast.Expr {
++ defer decNestLev(incNestLev(p))
++
+ if p.trace {
+ defer un(trace(p, "LiteralValue"))
+ }
+diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go
+index 993df6315f..b2cd501a44 100644
+--- a/src/go/parser/parser_test.go
++++ b/src/go/parser/parser_test.go
+@@ -607,10 +607,11 @@ var parseDepthTests = []struct {
+ {name: "chan2", format: "package main; var x «<-chan »int"},
+ {name: "interface", format: "package main; var x «interface { M() «int» }»", scope: true, scopeMultiplier: 2}, // Scopes: InterfaceType, FuncType
+ {name: "map", format: "package main; var x «map[int]»int"},
+- {name: "slicelit", format: "package main; var x = «[]any{«»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit
+- {name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit
+- {name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit
+- {name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 2}, // Parser nodes: CompositeLit, KeyValueExpr
++ {name: "slicelit", format: "package main; var x = []any{«[]any{«»}»}", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit
++ {name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit
++ {name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit
++ {name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 3}, // Parser nodes: CompositeLit, KeyValueExpr
++ {name: "element", format: "package main; var x = struct{x any}{x: «{«»}»}"},
+ {name: "dot", format: "package main; var x = «x.»x"},
+ {name: "index", format: "package main; var x = x«[1]»"},
+ {name: "slice", format: "package main; var x = x«[1:2]»"},
+--
+2.33.0
+
diff --git a/golang.spec b/golang.spec
index 908ab9dfb2a36599d07c152ad66011390dcc0b46..5f85d12b3b865c4d49a5c2cf4e6cf8ceefdce4aa 100644
--- a/golang.spec
+++ b/golang.spec
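Review bot: In the parser.go hunk embedded in 0068-…patch, `defer decNestLev(incNestLev(p))` is added to parseLiteralValue with no comment saying why this function needs its own depth accounting, and that line is the entire CVE-2024-34155 fix. A one-line comment above it such as `// Count literal-value nesting so deeply nested element lists hit the parser's depth limit instead of exhausting the stack.` would keep a later refactor from dropping it. In the parser_test.go hunk the slicelit, arraylit, structlit and maplit rows move to `parseMultiplier: 3` but their trailing `// Parser nodes:` comments still name only two nodes; the third counted level (presumably the literal value itself) should be listed. parseLiteralValue and the parseDepthTests table both continue outside the hunks, and incNestLev/decNestLev are not defined in this patch, so it relies on an earlier patch in the series providing them.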
@@ -63,7 +63,7 @@
 Name: golang
 Version: 1.17.3
-Release: 35
+Release: 36
 Summary: The Go Programming Language
 License: BSD and Public Domain
 URL: https://golang.org/
@@ -217,6 +217,7 @@ Patch6064: 0064-Backport-net-http-update-bundled-golang.org-x-net-ht.patch
 Patch6065: 0065-Backport-cmd-go-disallow-lto_library-in-LDFLAGS.patch
 Patch6066: 0066-Backport-archive-zip-treat-truncated-EOCDR-comment-a.patch
 Patch6067: 0067-Backport-net-http-send-body-or-close-connection-on-e.patch
+Patch6068: 0068-Backport-go-parser-track-depth-in-nested-element-lis.patch
 ExclusiveArch: %{golang_arches}
@@ -455,6 +456,12 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 %changelog
+* Wed Oct 16 2024 hanchao - 1.17.3-36
+- Type:CVE
+- CVE:CVE-2024-34155
+- SUG:NA
+- DESC:fix CVE-2024-34155
+
 * Tue Aug 06 2024 hanchao - 1.17.3-35
 - Type:CVE
 - CVE:CVE-2024-24791
@@ -562,6 +569,12 @@ fi
 * Sun Apr 23 2023 penghaitao - 1.17.3-17
 - fix bogus date in %changelog
+* Wed Oct 16 2024 hanchao - 1.17.3-36
+- Type:
+- CVE:
+- SUG:
+- DESC:
+
 * Thu Apr 13 2023 hanchao - 1.17.3-16
 - Type:CVE
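Review bot: The `Patch6068:` line in the hunk at -217 only declares the patch, and no hunk in this diff touches %prep, so whether 0068 is actually applied cannot be confirmed from here. If the spec applies patches with explicit per-patch `%patch` lines rather than `%autosetup` or `%autopatch`, a matching line for 6068 is required; otherwise 1.17.3-36 would be released with a changelog claiming the CVE-2024-34155 fix while go/parser is unchanged. Checking the build log for the patch being applied, or running the new `element` case from parser_test.go against the built tree, settles it.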
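Review bot: The `* Wed Oct 16 2024 hanchao - 1.17.3-36` entry added in the hunk at -455 is added a second time by the hunk at -562, there with empty `Type:`, `CVE:`, `SUG:` and `DESC:` fields and placed between the April 2023 entries. That second copy looks like a leftover template: it duplicates the release header, carries no information, and breaks the descending date order that rpm expects in %changelog. Dropping the six added lines of the -562 hunk leaves the changelog correct. The -562 hunk is cut off at the end of the visible diff, so its remaining context was not checked.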