diff --git a/backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch b/backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
new file mode 100644
index 0000000000000000000000000000000000000000..97b6c40732cbc33b6d447219e344c26545db3772
--- /dev/null
+++ b/backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
@@ -0,0 +1,52 @@
+From ff577b94511f9fc314435a1154f1124dccbe57ec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tina=20M=C3=BCller?= <cpan2@tinita.de>
+Date: Mon, 8 Apr 2024 23:32:52 +0200
+Subject: [PATCH] Fix emitter states handling when write_indicator fails
+
+There are cases where yaml_emitter_write_indicator fails.
+In that case POP is called on emitter->indents but not on emitter->states,
+which results in a leftover event in the stack, and later POP is called
+on an empty emitter->indents stack.
+
+This commit does not fix the case of the failing yaml_emitter_write_indicator.
+This is still investigated.
+---
+ src/emitter.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/emitter.c b/src/emitter.c
+index 609b28a4..0aca6c34 100644
+--- a/src/emitter.c
++++ b/src/emitter.c
+@@ -759,6 +759,7 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
+     {
+         emitter->flow_level --;
+         emitter->indent = POP(emitter, emitter->indents);
++        emitter->state = POP(emitter, emitter->states);
+         if (emitter->canonical && !first) {
+             if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
+                 return 0;
+@@ -767,7 +768,6 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
+         }
+         if (!yaml_emitter_write_indicator(emitter, "]", 0, 0, 0))
+             return 0;
+-        emitter->state = POP(emitter, emitter->states);
+ 
+         return 1;
+     }
+@@ -808,6 +808,7 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
+             return 0;
+         emitter->flow_level --;
+         emitter->indent = POP(emitter, emitter->indents);
++        emitter->state = POP(emitter, emitter->states);
+         if (emitter->canonical && !first) {
+             if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
+                 return 0;
+@@ -816,7 +817,6 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
+         }
+         if (!yaml_emitter_write_indicator(emitter, "}", 0, 0, 0))
+             return 0;
+-        emitter->state = POP(emitter, emitter->states);
+ 
+         return 1;
+     }
diff --git a/fix-heap-buffer-overflow-error-in-yaml-emitter-emit.patch b/fix-heap-buffer-overflow-error-in-yaml-emitter-emit.patch
deleted file mode 100644
index 8d13f7c77fd541e29deb2cf597263698aaf8e49a..0000000000000000000000000000000000000000
--- a/fix-heap-buffer-overflow-error-in-yaml-emitter-emit.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From cbd860b8e62ec0dc85d4d76a9a8900a3db9c740c Mon Sep 17 00:00:00 2001
-From: chenziyang <chenziyang4@huawei.com>
-Date: Tue, 8 Nov 2022 11:15:36 +0800
-Subject: [PATCH] Fix heap buffer overflow error in
- yaml_emitter_emit_flow_sequence_item function
- 
----
- src/emitter.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
- 
-diff --git a/src/emitter.c b/src/emitter.c
-index 609b28a..336bfd1 100644
---- a/src/emitter.c
-+++ b/src/emitter.c
-@@ -758,7 +758,13 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
-     if (event->type == YAML_SEQUENCE_END_EVENT)
-     {
-         emitter->flow_level --;
--        emitter->indent = POP(emitter, emitter->indents);
-+        if (!STACK_EMPTY(emitter, emitter->indents)) {
-+            emitter->indent = POP(emitter, emitter->indents);
-+        }
-+        else {
-+            emitter->indent = 0; // set to default
-+        }
-+
-         if (emitter->canonical && !first) {
-             if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
-                 return 0;
--- 
-2.21.0.windows.1
-
diff --git a/libyaml.spec b/libyaml.spec
index 63130284bdac02bf16bd32b6182ecf55c7c1fde5..0fb101d69cedbf6f8b27cf2a2253762ca282211c 100644
--- a/libyaml.spec
+++ b/libyaml.spec
@@ -1,14 +1,14 @@
 Name:       libyaml
 Version:    0.2.5
-Release:    5
+Release:    6
 Summary:    A C library for parsing and emitting YAML
 License:    MIT
 URL:        https://github.com/yaml/libyaml
 Source0:    https://github.com/yaml/libyaml/releases/download/%{version}/yaml-%{version}.tar.gz
 
 Patch0:     fix-heap-buffer-overflow-in-yaml_emitter_emit_flow_m.patch 
-Patch1:     fix-heap-buffer-overflow-error-in-yaml-emitter-emit.patch
-Patch2:     backport-Improve-CMake-build-system.patch
+Patch1:     backport-Improve-CMake-build-system.patch
+Patch2:     backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
 
 BuildRequires:  gcc
 
@@ -74,6 +74,9 @@ make check
 
 
 %changelog
+* Thu Apr 25 2024 fuanan <fuanan3@h-partners.com> - 0.2.5-6
+- fix CVE-2024-3205
+
 * Sat May 27 2023 fuanan <fuanan3@h-partners.com> - 0.2.5-5
 - Support cmake build system
 - Modify URL and Source0