diff --git a/openEuler-CVE-2015-20107.patch b/openEuler-CVE-2015-20107.patch
new file mode 100644
index 0000000000000000000000000000000000000000..136891c13421e55fc3f3355a6a4fd060b039324b
--- /dev/null
+++ b/openEuler-CVE-2015-20107.patch
@@ -0,0 +1,43 @@
+From c7c5f7f272659981f4c6bbfa212257945c86d17c Mon Sep 17 00:00:00 2001
+From: shixuantong
+Date: Sat, 14 May 2022 16:50:02 +0800
+Subject: [PATCH] fix CVE-2015-20107
+
+---
+ Lib/mailcap.py | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/Lib/mailcap.py b/Lib/mailcap.py
+index bd0fc09..1ad3dd5 100644
+--- a/Lib/mailcap.py
++++ b/Lib/mailcap.py
+@@ -2,6 +2,7 @@
+
+ import os
+ import warnings
++from shlex import quote
+
+ __all__ = ["getcaps","findmatch"]
+
+@@ -203,8 +204,6 @@ def subst(field, MIMEtype, filename, plist=[]):
+ c = field[i]; i = i+1
+ if c == '%':
+ res = res + c
+- elif c == 's':
+- res = res + filename
+ elif c == 't':
+ res = res + MIMEtype
+ elif c == '{':
+@@ -219,6 +218,9 @@ def subst(field, MIMEtype, filename, plist=[]):
+ # %F == list of alternating type and filename for parts
+ else:
+ res = res + '%' + c
++ res = res.replace("'%s'", quote(filename))
++ res = res.replace('"%s"',quote(filename))
++ res = res.replace('%s',quote(filename))
+ return res
+
+ def findparam(name, plist):
+--
+1.8.3.1
+
diff --git a/python3.spec b/python3.spec
index 660612220975d66d1230e659d6c6cec449cc41d1..1157b6d87b76c294ee2b1b3af0d09109b8793ca0 100644
--- a/python3.spec
+++ b/python3.spec
@@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language URL: https://www.python.org/ Version: 3.7.9 -Release: 21 +Release: 22 License: Python %global branchversion 3.7 
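Review bot: The three chained `res.replace(...)` calls added at the end of `subst` in the embedded Lib/mailcap.py patch each rescan text that an earlier call has already substituted, so a filename that itself contains `%s` can be expanded a second time inside its own quoting and the result is then no longer guaranteed to be a single shell word. A single-pass substitution avoids the rescan, for example `res = re.sub(r"'%s'|\"%s\"|%s", lambda m: quote(filename), res)` with `import re` added beside the new `from shlex import quote`. The post-loop replacement also acts on any `%s` that reached `res` through `%t` or `%{...}`, and the visible context still appends `MIMEtype` unquoted (`res = res + MIMEtype`), so those inputs probably need the same quoting or a rejection check. Only part of `subst` is visible in these hunks, so the escape handling earlier in the loop should be checked against the post-loop replacement as well.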
@@ -161,6 +161,8 @@ Patch6050: backport-bpo-45001-Make-email-date-parsing-more-robust-agains.patch Patch6051: backport-3.7-bpo-43124-Fix-smtplib-multiple-CRLF-injection-GH.patch Patch6052: backport-bpo-46811-Make-test-suite-support-Expat-2.4.5.patch +Patch9000: openEuler-CVE-2015-20107.patch + Recommends: %{name}-help = %{version}-%{release} Provides: python%{branchversion} = %{version}-%{release} Provides: python(abi) = %{branchversion}
@@ -307,6 +309,8 @@ rm Lib/ensurepip/_bundled/*.whl %patch6051 -p1 %patch6052 -p1 +%patch9000 -p1 + sed -i "s/generic_os/%{_vendor}/g" Lib/platform.py rm configure pyconfig.h.in
@@ -907,6 +911,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP" %{_mandir}/*/* %changelog +* Sat May 14 2022 shixuantong - 3.7.9-22 +- Type:CVE +- CVE:CVE-2015-20107 +- SUG:NA +- DESC:fix CVE-2015-20107 + * Mon Mar 07 2022 shixuantong - 3.7.9-21 - Type:bugfix - CVE:NA