diff --git a/openEuler-CVE-2015-20107.patch b/openEuler-CVE-2015-20107.patch
new file mode 100644
index 0000000000000000000000000000000000000000..136891c13421e55fc3f3355a6a4fd060b039324b
--- /dev/null
+++ b/openEuler-CVE-2015-20107.patch
@@ -0,0 +1,43 @@
+From c7c5f7f272659981f4c6bbfa212257945c86d17c Mon Sep 17 00:00:00 2001
+From: shixuantong
+Date: Sat, 14 May 2022 16:50:02 +0800
+Subject: [PATCH] fix CVE-2015-20107
+
+---
+ Lib/mailcap.py | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/Lib/mailcap.py b/Lib/mailcap.py
+index bd0fc09..1ad3dd5 100644
+--- a/Lib/mailcap.py
++++ b/Lib/mailcap.py
+@@ -2,6 +2,7 @@
+
+ import os
+ import warnings
++from shlex import quote
+
+ __all__ = ["getcaps","findmatch"]
+
+@@ -203,8 +204,6 @@ def subst(field, MIMEtype, filename, plist=[]):
+ c = field[i]; i = i+1
+ if c == '%':
+ res = res + c
+- elif c == 's':
+- res = res + filename
+ elif c == 't':
+ res = res + MIMEtype
+ elif c == '{':
+@@ -219,6 +218,9 @@ def subst(field, MIMEtype, filename, plist=[]):
+ # %F == list of alternating type and filename for parts
+ else:
+ res = res + '%' + c
++ res = res.replace("'%s'", quote(filename))
++ res = res.replace('"%s"',quote(filename))
++ res = res.replace('%s',quote(filename))
+ return res
+
+ def findparam(name, plist):
+--
+1.8.3.1
+
diff --git a/python3.spec b/python3.spec
index 2cfd85152ed6d3e79f1b29b3e99a86cc881962b0..3d579154cd85839a665d1a4c012eafd70e92ef52 100644
--- a/python3.spec
+++ b/python3.spec
@@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language URL: https://www.python.org/ Version: 3.7.9 -Release: 22 +Release: 23 License: Python %global branchversion 3.7 
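Review bot: Only `filename` is quoted in the embedded `Lib/mailcap.py` patch; the `%t` branch still appends `MIMEtype` verbatim to the command string, so a MIME type taken from an untrusted message stays unescaped, and `res = res + quote(MIMEtype)` would close that path. Because the three `res.replace(...)` calls scan the finished string, a `%s` that arrived through `MIMEtype` or through `%%s` in the mailcap field (the `%%` branch emits `%`, then the `s` follows) is also replaced with the filename, which differs from the old in-loop behaviour. `quote()` protects only an unquoted shell word, and the patch strips surrounding quotes only when they directly enclose `%s`; a template that places `%s` elsewhere inside double quotes is presumably still expanded by the shell. Rejecting a filename or MIME type that contains characters outside a conservative safe set before substitution would cover those cases. `subst` begins and ends outside the visible hunks, so the `%{...}` parameter branch could not be checked.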
@@ -163,6 +163,7 @@ Patch6053: backport-bpo-46811-Make-test-suite-support-Expat-2.4.5.patch patch9000: Don-t-override-PYTHONPATH-which-is-already-set.patch patch9001: add-the-sm3-method-for-obtaining-the-salt-value.patch +Patch9002: openEuler-CVE-2015-20107.patch Recommends: %{name}-help = %{version}-%{release} Provides: python%{branchversion} = %{version}-%{release} @@ -311,6 +312,7 @@ rm Lib/ensurepip/_bundled/*.whl %patch9000 -p1 %patch9001 -p1 +%patch9002 -p1 sed -i "s/generic_os/%{_vendor}/g" Lib/platform.py rm configure pyconfig.h.in @@ -912,6 +914,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP" %{_mandir}/*/* %changelog +* Mon May 16 2022 shixuantong - 3.7.9-23 +- Type:CVE +- CVE:CVE-2015-20107 +- SUG:NA +- DESC:fix CVE-2015-20107 + * Mon Mar 07 2022 shixuantong - 3.7.9-22 - Type:bugfix - CVE:NA