diff --git a/binutils-CVE-2022-38533.patch b/binutils-CVE-2022-38533.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ecb1508ff536e074b54c2cb1d7e301bcdc081e83
--- /dev/null
+++ b/binutils-CVE-2022-38533.patch
@@ -0,0 +1,29 @@
+commit ef186fe54aa6d281a3ff8a9528417e5cc614c797
+Author: Alan Modra
+Date: Sat Aug 13 15:32:47 2022 +0930
+
+ PR29482 - strip: heap-buffer-overflow
+
+ PR 29482
+ * coffcode.h (coff_set_section_contents): Sanity check _LIB.
+
+diff --git a/bfd/coffcode.h b/bfd/coffcode.h
+index 67aaf158ca1..52027981c3f 100644
+--- a/bfd/coffcode.h
++++ b/bfd/coffcode.h
+@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd,
+
+ rec = (bfd_byte *) location;
+ recend = rec + count;
+- while (rec < recend)
++ while (recend - rec >= 4)
+ {
++ size_t len = bfd_get_32 (abfd, rec);
++ if (len == 0 || len > (size_t) (recend - rec) / 4)
++ break;
++ rec += len * 4;
+ ++section->lma;
+- rec += bfd_get_32 (abfd, rec) * 4;
+ }
+
+ BFD_ASSERT (rec == recend);
diff --git a/binutils-CVE-2023-25588.patch b/binutils-CVE-2023-25588.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d0cbf53cd824ff8598ca84fe10bd4b5d92a34a97
--- /dev/null
+++ b/binutils-CVE-2023-25588.patch
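Review bot: The new guard in the _LIB loop (`if (len == 0 || len > (size_t) (recend - rec) / 4) break;`) bails out silently, so a malformed record leaves `rec != recend`, trips only the `BFD_ASSERT` below and, as far as this hunk shows, lets coff_set_section_contents carry on as if the contents were valid; if the build is meant to reject such input rather than merely log it, the break should also record the failure (`bfd_set_error (bfd_error_bad_value)`) and take the function's error path. The two halves of the guard deserve a why-comment, because the zero case is about termination rather than bounds: `/* A zero-length record would never advance rec; a length past recend would read beyond the caller's buffer (PR 29482).  */`. The enclosing function starts and ends outside the hunk, and since the upstream commit postdates the 2.37 tarball this spec builds, it is worth confirming the hunk applies there without fuzz.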
@@ -0,0 +1,137 @@
+commit d12f8998d2d086f0a6606589e5aedb7147e6f2f1
+Author: Alan Modra
+Date: Fri Oct 14 10:30:21 2022 +1030
+
+ PR29677, Field `the_bfd` of `asymbol` is uninitialised
+
+ Besides not initialising the_bfd of synthetic symbols, counting
+ symbols when sizing didn't match symbols created if there were any
+ dynsyms named "". We don't want synthetic symbols without names
+ anyway, so get rid of them. Also, simplify and correct sanity checks.
+
+ PR 29677
+ * mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite.
+
+diff --git a/bfd/mach-o.c b/bfd/mach-o.c
+index acb35e7f0c6..5279343768c 100644
+--- a/bfd/mach-o.c
++++ b/bfd/mach-o.c
+@@ -938,11 +938,9 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+ bfd_mach_o_symtab_command *symtab = mdata->symtab;
+ asymbol *s;
+ char * s_start;
+- char * s_end;
+ unsigned long count, i, j, n;
+ size_t size;
+ char *names;
+- char *nul_name;
+ const char stub [] = "$stub";
+
+ *ret = NULL;
+@@ -955,27 +953,27 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+ /* We need to allocate a bfd symbol for every indirect symbol and to
+ allocate the memory for its name. */
+ count = dysymtab->nindirectsyms;
+- size = count * sizeof (asymbol) + 1;
+-
++ size = 0;
+ for (j = 0; j < count; j++)
+ {
+- const char * strng;
+ unsigned int isym = dysymtab->indirect_syms[j];
++ const char *str;
+
+ /* Some indirect symbols are anonymous. */
+- if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name))
+- /* PR 17512: file: f5b8eeba. */
+- size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub);
++ if (isym < symtab->nsyms
++ && (str = symtab->symbols[isym].symbol.name) != NULL)
++ {
++ /* PR 17512: file: f5b8eeba. */
++ size += strnlen (str, symtab->strsize - (str - symtab->strtab));
++ size += sizeof (stub);
++ }
+ }
+
+- s_start = bfd_malloc (size);
++ s_start = bfd_malloc (size + count * sizeof (asymbol));
+ s = *ret = (asymbol *) s_start;
+ if (s == NULL)
+ return -1;
+ names = (char *) (s + count);
+- nul_name = names;
+- *names++ = 0;
+- s_end = s_start + size;
+
+ n = 0;
+ for (i = 0; i < mdata->nsects; i++)
+@@ -997,47 +995,39 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+ entry_size = bfd_mach_o_section_get_entry_size (abfd, sec);
+
+ /* PR 17512: file: 08e15eec. */
+- if (first >= count || last >= count || first > last)
++ if (first >= count || last > count || first > last)
+ goto fail;
+
+ for (j = first; j < last; j++)
+ {
+ unsigned int isym = dysymtab->indirect_syms[j];
+-
+- /* PR 17512: file: 04d64d9b. */
+- if (((char *) s) + sizeof (* s) > s_end)
+- goto fail;
+-
+- s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
+- s->section = sec->bfdsection;
+- s->value = addr - sec->addr;
+- s->udata.p = NULL;
++ const char *str;
++ size_t len;
+
+ if (isym < symtab->nsyms
+- && symtab->symbols[isym].symbol.name)
++ && (str = symtab->symbols[isym].symbol.name) != NULL)
+ {
+- const char *sym = symtab->symbols[isym].symbol.name;
+- size_t len;
+-
+- s->name = names;
+- len = strlen (sym);
+- /* PR 17512: file: 47dfd4d2. */
+- if (names + len >= s_end)
++ /* PR 17512: file: 04d64d9b. */
++ if (n >= count)
+ goto fail;
+- memcpy (names, sym, len);
+- names += len;
+- /* PR 17512: file: 18f340a4. */
+- if (names + sizeof (stub) >= s_end)
++ len = strnlen (str, symtab->strsize - (str - symtab->strtab));
++ /* PR 17512: file: 47dfd4d2, 18f340a4. */
++ if (size < len + sizeof (stub))
+ goto fail;
+- memcpy (names, stub, sizeof (stub));
+- names += sizeof (stub);
++ memcpy (names, str, len);
++ memcpy (names + len, stub, sizeof (stub));
++ s->name = names;
++ names += len + sizeof (stub);
++ size -= len + sizeof (stub);
++ s->the_bfd = symtab->symbols[isym].symbol.the_bfd;
++ s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
++ s->section = sec->bfdsection;
++ s->value = addr - sec->addr;
++ s->udata.p = NULL;
++ s++;
++ n++;
+ }
+- else
+- s->name = nul_name;
+-
+ addr += entry_size;
+- s++;
+- n++;
+ }
+ break;
+ default:
diff --git a/mingw-binutils.spec b/mingw-binutils.spec
index f551eb5a018f0e37a3d2638622bdc89055b64b02..378e49fe58b6b407acfc9459f8551c14eba11070 100644
--- a/mingw-binutils.spec
+++ b/mingw-binutils.spec
@@ -2,7 +2,7 @@ Name: mingw-binutils
Version: 2.37
-Release: 2
+Release: 4
Summary: Cross-compiled version of binutils for Win32 and Win64 environments
License: GPLv2+ and LGPLv2+ and GPLv3+ and LGPLv3+
@@ -119,6 +119,16 @@ Patch16: binutils-testsuite-fixes.patch
# Lifetime: Fixed in 2.38 maybe
Patch17: binutils-gold-i386-gnu-property-notes.patch
+# Purpose: In GNU Binutils before 2.40, there is a heap-buffer-overflow
+# in the error function bfd_getl32 when called from the
+# strip_main function in strip-new via a crafted file.
+# Lifetime: Fixed in 2.40 maybe
+Patch18: binutils-CVE-2022-38533.patch
+
+# Purpose: Field `the_bfd` of `asymbol` is uninitialised
+# Lifetime: Fixed in 2.40 maybe
+Patch19: binutils-CVE-2023-25588.patch
+
BuildRequires: make
BuildRequires: gcc
@@ -373,6 +383,12 @@ rm -rf %{buildroot}%{_mandir}/man1/*
%changelog
+* Fri Jul 19 2024 xuguangmin - 2.37-4
+- Field `the_bfd` of `asymbol` is uninitialised
+
+* Fri Jul 19 2024 xuguangmin - 2.37-3
+- Fix CVE-2022-38533
+
* Mon Feb 5 2024 yinhongchang - 2.37-2 - update version to 2.37-2
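Review bot: The `strnlen` bound `symtab->strsize - (str - symtab->strtab)`, now used in both the sizing pass and the fill pass, is only meaningful while `str` points inside `symtab->strtab`; nothing in the hunk checks that, and a name stored elsewhere (whether the loader allows that is not visible here) would turn the subtraction into a bogus, possibly huge length and let `strnlen` run past the string table, so a `str >= symtab->strtab && str < symtab->strtab + symtab->strsize` test in the sizing loop, or a comment stating that invariant, would close the gap. The accounting holds only because both passes use the identical `isym < symtab->nsyms && name != NULL` condition and the identical bound, which is worth a comment at the fill loop, e.g. `/* Must mirror the sizing loop above: same condition, same strnlen bound, or the size check below rejects a valid file.  */`. bfd_mach_o_get_synthetic_symtab starts and ends outside the hunk.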
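Review bot: The Patch19 `# Purpose:` line omits the CVE id that the patch file name and the 2.37-4 changelog entry are about, so unlike Patch18 the fix is not greppable by CVE in the spec; `# Purpose: CVE-2023-25588 (upstream PR 29677) - Field the_bfd of asymbol is uninitialised` keeps the two entries consistent, and the 2.37-4 changelog line in the following hunk has the same omission. If %prep applies patches with explicit %patchN lines rather than %autosetup, the new Patch18/Patch19 tags also need matching %patch18/%patch19 lines; %prep is outside these hunks.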
@@ -383,4 +399,4 @@ rm -rf %{buildroot}%{_mandir}/man1/* - update version to 2.34-9
* Thu Oct 08 2020 Zhiyi Weng - 2.32-7
-- Initial version
\ No newline at end of file
+- Initial version