diff --git a/backport-CVE-2020-7067-Fix-bug-79465-use-unsigneds-as-indexes.patch b/backport-CVE-2020-7067-Fix-bug-79465-use-unsigneds-as-indexes.patch
new file mode 100644
index 0000000000000000000000000000000000000000..918ccbf5ca217d293770fd79b6eccb9b456bb234
--- /dev/null
+++ b/backport-CVE-2020-7067-Fix-bug-79465-use-unsigneds-as-indexes.patch
@@ -0,0 +1,31 @@
+From 9d6bf8221b05f86ce5875832f0f646c4c1f218be Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev
+Date: Mon, 13 Apr 2020 21:07:04 -0700
+Subject: [PATCH] Fix bug #79465 - use unsigneds as indexes.
+
+---
+ ext/standard/url.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ext/standard/url.c b/ext/standard/url.c
+index fe6d7f9de1d6..1dd073e2bb42 100644
+--- a/ext/standard/url.c
++++ b/ext/standard/url.c
+@@ -559,7 +559,7 @@ PHPAPI size_t php_url_decode(char *str, size_t len)
+ #ifndef CHARSET_EBCDIC
+ *dest = (char) php_htoi(data + 1);
+ #else
+- *dest = os_toebcdic[(char) php_htoi(data + 1)];
++ *dest = os_toebcdic[(unsigned char) php_htoi(data + 1)];
+ #endif
+ data += 2;
+ len -= 2;
+@@ -651,7 +651,7 @@ PHPAPI size_t php_raw_url_decode(char *str, size_t len)
+ #ifndef CHARSET_EBCDIC
+ *dest = (char) php_htoi(data + 1);
+ #else
+- *dest = os_toebcdic[(char) php_htoi(data + 1)];
++ *dest = os_toebcdic[(unsigned char) php_htoi(data + 1)];
+ #endif
+ data += 2;
+ len -= 2;
diff --git a/php.spec b/php.spec
index faacc4247336334b8382927b459d378a3d1d3ff7..b4e9afa6d237bd7aa5db72889b298d95c45d5420 100644
--- a/php.spec
+++ b/php.spec
@@ -28,7 +28,7 @@

 Name: php
 Version: %{upver}%{?rcver:~%{rcver}}
-Release: 16
+Release: 17
 Summary: PHP scripting language for creating dynamic web sites
 License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA
 URL: http://www.php.net/
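Review bot: The two corrected lines, `*dest = os_toebcdic[(unsigned char) php_htoi(data + 1)];` in php_url_decode and php_raw_url_decode, carry no comment saying why the cast has to be unsigned, so a later cleanup could quietly revert it. Where plain `char` is signed, a decoded byte of 0x80 or above becomes a negative index and reads before the start of the table; I would add `/* index must be unsigned: a signed char >= 0x80 would index before os_toebcdic (CVE-2020-7067) */` above each line. Both lines sit in the `#else` branch of `#ifndef CHARSET_EBCDIC`, so only EBCDIC builds change behaviour and ordinary builds compile the untouched `(char)` assignment. Both function bodies start and end outside the embedded hunks, so the bounds on `data` and `len` cannot be checked from here.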
@@ -111,6 +111,7 @@ Patch6037: backport-0002-CVE-2021-21705.patch Patch6038: backport-CVE-2021-21704.patch Patch6039: backport-CVE-2021-21703.patch Patch6040: backport-CVE-2021-21707.patch +Patch6041: backport-CVE-2020-7067-Fix-bug-79465-use-unsigneds-as-indexes.patch BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel @@ -1171,6 +1172,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %changelog +* Wed Feb 23 2022 panxiaohe - 7.2.10-17 +- Fix CVE-2020-7067 + * Thu Dec 2 2021 fuanan - 7.2.10-16 - Fix CVE-2021-21707
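Review bot: `Patch6041` is declared in the patch list, but none of the visible hunks shows it being applied in `%prep`. If this spec applies patches one by one rather than through `%autosetup` or `%autopatch`, it needs a matching line such as `%patch6041 -p1`. Without that, release 17 would ship with the "Fix CVE-2020-7067" changelog entry while ext/standard/url.c is still unpatched. The `%prep` section is outside this diff, so this should be confirmed from the spec or from the build log showing the patch being applied.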