diff --git a/backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch b/backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cc78df8c2792b3b4f23bd2e1d5f1e2a178de5aa1
--- /dev/null
+++ b/backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
@@ -0,0 +1,50 @@
+From 49d07be98e591d2df1d5b8d55fc9ecac3185fb70 Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 May 2023 11:31:39 +0200
+Subject: [PATCH] Fix the --disable-root-args and --disable-root-environ
+ options
+
+Due to a copy/paste error, the "--disable-root-environ" configure
+option performed the actions of the "--disable-root-access" option,
+while the latter option had no effect at all.
+
+Conflict:add configure file changes based on community
+Reference:https://salsa.debian.org/debian/ncurses/-/commit/49d07be98e591d2df1d5b8d55fc9ecac3185fb70
+---
+ configure.in | 2 +-
+ configure | 6 +++---
+ 2 file changed, 4 insertion(+), 4 deletion(-)
+
+diff --git a/configure.in b/configure.in
+index 798b95a..613677f 100644
+--- a/configure.in
++++ b/configure.in
+@@ -854,7 +854,7 @@ AC_MSG_RESULT($with_root_environ)
+ test "x$with_root_environ" = xyes && AC_DEFINE(USE_ROOT_ENVIRON,1,[Define to 1 if root is allowed to use ncurses environment])
+ 
+ AC_MSG_CHECKING(if you want to permit setuid programs to access all files)
+-AC_ARG_ENABLE(root-environ,
++AC_ARG_ENABLE(root-access,
+ 	[  --disable-root-access   restrict file-access when running setuid],
+ 	[with_root_access=$enableval],
+ 	[with_root_access=yes])
+diff --git a/configure b/configure
+index 421cf85..5141933 100755
+--- a/configure
++++ b/configure
+@@ -9399,9 +9399,9 @@ EOF
+ echo "$as_me:9399: checking if you want to permit setuid programs to access all files" >&5
+ echo $ECHO_N "checking if you want to permit setuid programs to access all files... $ECHO_C" >&6
+
+-# Check whether --enable-root-environ or --disable-root-environ was given.
+-if test "${enable_root_environ+set}" = set; then
+-  enableval="$enable_root_environ"
++# Check whether --enable-root-access or --disable-root-access was given.
++if test "${enable_root_access+set}" = set; then
++  enableval="$enable_root_access"
+   with_root_access=$enableval
+ else
+   with_root_access=yes
+-- 
+2.33.0
+
diff --git a/backport-0002-CVE-2023-29491-env-access.patch b/backport-0002-CVE-2023-29491-env-access.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bcbcc114554fb0e6057e1f50c9b7e7a52f3323ca
--- /dev/null
+++ b/backport-0002-CVE-2023-29491-env-access.patch
@@ -0,0 +1,32 @@
+From 94240194a58b15e7fc3a015ed123ebb124f4e869 Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 May 2023 11:32:01 +0200
+Subject: [PATCH] Change the behavior of the "--disable-root-environ" option
+
+The new patch debian-env-access.diff makes the
+"--disable-root-environ" configure option functionally equivalent to
+the --disable-setuid-environ" option that has been added in the
+20230425 upstream patchlevel.
+
+Conflict:NA
+Reference:https://salsa.debian.org/debian/ncurses/-/commit/94240194a58b15e7fc3a015ed123ebb124f4e869
+---
+ ncurses/tinfo/access.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/ncurses/tinfo/access.c b/ncurses/tinfo/access.c
+index a735db2..c9f8660 100644
+--- a/ncurses/tinfo/access.c
++++ b/ncurses/tinfo/access.c
+@@ -215,8 +215,6 @@ _nc_env_access(void)
+ 
+     if (is_elevated()) {
+ 	result = FALSE;
+-    } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
+-	result = FALSE;
+     }
+     return result;
+ }
+-- 
+2.33.0
+
diff --git a/ncurses.spec b/ncurses.spec
index 1130b964dc913885d33e2e0735352354e1e2442f..e1013cd4c4881dc7ea0489be50f321cc08ecd44e 100644
--- a/ncurses.spec
+++ b/ncurses.spec
@@ -9,7 +9,7 @@
 
 Name:          ncurses
 Version:       6.3
-Release:       10
+Release:       11
 Summary:       Terminal control library
 License:       MIT
 URL:           https://invisible-island.net/ncurses/ncurses.html
@@ -20,6 +20,8 @@ Patch9:        ncurses-libs.patch
 Patch11:       ncurses-urxvt.patch
 Patch12:       ncurses-kbs.patch
 Patch13:       backport-CVE-2022-29458.patch
+Patch14:       backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
+Patch15:       backport-0002-CVE-2023-29491-env-access.patch
 
 BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
 
@@ -116,7 +118,7 @@ done
 
 %build
 common_options="--enable-colorfgbg --enable-hard-tabs --enable-overwrite \
-    --enable-pc-files --enable-xmc-glitch --disable-wattr-macros \
+    --enable-pc-files --enable-xmc-glitch --disable-wattr-macros --disable-root-environ \
     --with-cxx-shared --with-ospeed=unsigned \
     --with-pkg-config-libdir=%{_libdir}/pkgconfig \
     --with-shared \
@@ -281,6 +283,12 @@ xz NEWS
 %endif
 
 %changelog
+* Mon Jul 03 2023 yanglu <yanglu72@h-partners.com> - 6.3-11
+- Type:CVE
+- ID:CVE-2023-29491
+- SUG:NA
+- DESC: fix CVE-2023-29491
+
 * Mon Jun 5 2023 liutie <liutie4@huawei.com> - 6.3-10
 - Type:enhancement
 - ID:NA