diff --git a/backport-CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch b/backport-CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7201dde6a131c6a72b18be88fc26f8028ad90a50
--- /dev/null
+++ b/backport-CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch
@@ -0,0 +1,74 @@
+From 647e072ea0a2f12687fa05c172f4c4713fdb0c4f Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:46:35 +0200
+Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
+
+Fix a null pointer dereference when parsing (invalid) XML schemas.
+
+Thanks to Robby Simpson for the report!
+
+Fixes #491.
+---
+ result/schemas/issue491_0_0.err |  1 +
+ test/schemas/issue491_0.xml     |  1 +
+ test/schemas/issue491_0.xsd     | 18 ++++++++++++++++++
+ xmlschemas.c                    |  2 +-
+ 4 files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 result/schemas/issue491_0_0.err
+ create mode 100644 test/schemas/issue491_0.xml
+ create mode 100644 test/schemas/issue491_0.xsd
+
+diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err
+new file mode 100644
+index 00000000..9b2bb969
+--- /dev/null
++++ b/result/schemas/issue491_0_0.err
+@@ -0,0 +1 @@
++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'.
+diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml
+new file mode 100644
+index 00000000..e2b2fc2e
+--- /dev/null
++++ b/test/schemas/issue491_0.xml
+@@ -0,0 +1 @@
++<Child xmlns="http://www.test.com">5</Child>
+diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd
+new file mode 100644
+index 00000000..81702649
+--- /dev/null
++++ b/test/schemas/issue491_0.xsd
+@@ -0,0 +1,18 @@
++<?xml version='1.0' encoding='UTF-8'?>
++<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://www.test.com" targetNamespace="http://www.test.com" elementFormDefault="qualified" attributeFormDefault="unqualified">
++  <xs:complexType name="BaseType">
++    <xs:simpleContent>
++      <xs:extension base="xs:int" />
++    </xs:simpleContent>
++  </xs:complexType>
++  <xs:complexType name="ChildType">
++    <xs:complexContent>
++      <xs:extension base="BaseType">
++        <xs:sequence>
++          <xs:element name="bad" type="xs:int" minOccurs="0" maxOccurs="1"/>
++        </xs:sequence>
++      </xs:extension>
++    </xs:complexContent>
++  </xs:complexType>
++  <xs:element name="Child" type="ChildType" />
++</xs:schema>
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 17aa6dfa..36cd6730 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -18563,7 +18563,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt,
+ 			"allowed to appear inside other model groups",
+ 			NULL, NULL);
+ 
+-		} else if (! dummySequence) {
++		} else if ((!dummySequence) && (baseType->subtypes != NULL)) {
+ 		    xmlSchemaTreeItemPtr effectiveContent =
+ 			(xmlSchemaTreeItemPtr) type->subtypes;
+ 		    /*
+-- 
+2.27.0
+
diff --git a/backport-CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch b/backport-CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8b702ce29b4ce9b1afaf034121c9954569269959
--- /dev/null
+++ b/backport-CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch
@@ -0,0 +1,37 @@
+From 09a2dd453007f9c7205274623acdd73747c22d64 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:49:27 +0200
+Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't
+ deterministic
+
+When hashing empty strings which aren't null-terminated,
+xmlDictComputeFastKey could produce inconsistent results. This could
+lead to various logic or memory errors, including double frees.
+
+For consistency the seed is also taken into account, but this shouldn't
+have an impact on security.
+
+Found by OSS-Fuzz.
+
+Fixes #510.
+---
+ dict.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/dict.c b/dict.c
+index 26ce516d..57b76fae 100644
+--- a/dict.c
++++ b/dict.c
+@@ -451,7 +451,8 @@ static unsigned long
+ xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
+     unsigned long value = seed;
+ 
+-    if (name == NULL) return(0);
++    if ((name == NULL) || (namelen <= 0))
++        return(value);
+     value += *name;
+     value <<= 5;
+     if (namelen > 10) {
+-- 
+2.27.0
+
diff --git a/libxml2.spec b/libxml2.spec
index b59682ecc0942915a4c039f5fddc2e762c6275d7..a31cb434243fb08cbe767deeb396a2d39f59564f 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.9.14
-Release: 8
+Release: 9
 License: MIT
 Group: Development/Libraries
 Source: https://download.gnome.org/sources/%{name}/2.9/%{name}-%{version}.tar.xz
@@ -22,6 +22,8 @@ Patch12: backport-parser-Fix-potential-memory-leak-in-xmlParseAttValue.patch
 Patch13: backport-Fix-unused-variable-warnings-with-disabled-features.patch
 Patch14: backport-Update-xmlStrlen-to-use-POSIX-ISO-C-strlen.patch
 Patch15: backport-schemas-Fix-infinite-loop-in-xmlSchemaCheckElemSubst.patch
+Patch16: backport-CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch
+Patch17: backport-CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python3-devel
@@ -177,6 +179,12 @@ rm -fr %{buildroot}
 
 
 %changelog
+* Thu Apr 20 2023 BruceGW <gyl93216@163.com> - 2.9.14-9
+- Type:CVE
+- CVE:CVE-2023-28484 CVE-2023-29469
+- SUG:NA
+- DESC:fix CVE-2023-28484CVE-2023-29469
+
 * Mon Feb 27 2023 Zhipeng Xie <xiezhipeng1@huawei.com> - 2.9.14-8
 - Type:bugfix
 - CVE:NA