diff --git a/qt-CVE-2023-34410.patch b/qt-CVE-2023-34410.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8465f7d653b22e45771208fc3799eb68db2b1c9d
--- /dev/null
+++ b/qt-CVE-2023-34410.patch
@@ -0,0 +1,22 @@
+diff -up qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket.cpp.me qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket.cpp
+--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket.cpp.me 2023-06-09 16:41:34.702124706 +0200
++++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket.cpp 2023-06-09 16:42:50.152993830 +0200
+@@ -1863,6 +1863,10 @@ QSslSocketPrivate::QSslSocketPrivate()
+ , plainSocket(0)
+ {
+ QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
++ // If the global configuration doesn't allow root certificates to be loaded
++ // on demand then we have to disable it for this socket as well.
++ if (!configuration.allowRootCertOnDemandLoading)
++ allowRootCertOnDemandLoading = false;
+ }
+
+ /*!
+@@ -2041,6 +2045,7 @@ void QSslConfigurationPrivate::deepCopyD
+ ptr->sessionCipher = global->sessionCipher;
+ ptr->ciphers = global->ciphers;
+ ptr->caCertificates = global->caCertificates;
++ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
+ ptr->protocol = global->protocol;
+ ptr->peerVerifyMode = global->peerVerifyMode;
+ ptr->peerVerifyDepth = global->peerVerifyDepth;
diff --git a/qt.spec b/qt.spec
index 3450b3dfc22704c1c9fb585c255799706a98b56b..0796f78079785b00254dc08a7ff96094d2c74bdf 100644
--- a/qt.spec
+++ b/qt.spec
@@ -13,7 +13,7 @@
 Name: qt
 Epoch: 1
 Version: 4.8.7
-Release: 56
+Release: 57
 Summary: A software toolkit for developing applications
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
 URL: http://qt-project.org/
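Review bot: The new file qt-CVE-2023-34410.patch starts directly at `diff -up` with no header naming the upstream Qt change it backports, so this 4.8.7 port of the fix cannot be audited against its origin. A short header above the diff would cover it, for example `# Backport of the upstream Qt fix for CVE-2023-34410 (<upstream commit id>), adapted to 4.8.7`. Both inner hunks read `allowRootCertOnDemandLoading` from the configuration object (`configuration.` in the constructor, `global->` in deepCopyDefaultConfiguration), but neither that member's declaration nor any code that sets it to false on the default configuration is visible here. It is worth confirming in the 4.8.7 tree that the copied flag can actually become false, because otherwise the new guard in the constructor never fires and certificate validation behaves as before. The constructor's initialiser list and the body of deepCopyDefaultConfiguration both start outside the inner hunks.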
@@ -89,6 +89,7 @@ Patch6004: CVE-2018-19873.patch
 Patch6005: CVE-2020-17507.patch
 Patch6006: CVE-2020-0570.patch
 Patch6007: CVE-2023-32573.patch
+Patch6008: qt-CVE-2023-34410.patch
 BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa)
 BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng)
@@ -466,6 +467,12 @@ fi
 %{_qt4_prefix}/examples/
 %changelog
+* Thu Nov 02 2023 peijiankang - 1:4.8.7-57
+- Type:cves
+- ID:CVE-2023-34410
+- SUG:NA
+- DESC:fix CVE-2023-34410
+
 * Mon Aug 21 2023 peijiankang - 1:4.8.7-56
 - Type:cves
 - ID:CVE-2023-32573
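Review bot: `Patch6008: qt-CVE-2023-34410.patch` in the `@@ -89,6 +89,7 @@` hunk only declares the patch, and none of the qt.spec hunks shown touches %prep, so whether it is applied depends on how this spec applies patches. If %prep uses `%autosetup -p1` or `%autopatch -p1` nothing more is needed, but if patches are listed individually a matching `%patch6008 -p1` line is required. Without it the package would ship as 1:4.8.7-57 with a changelog entry claiming the CVE-2023-34410 fix while qsslsocket.cpp is built unpatched. The strip level matters because the paths inside the patch carry one leading directory (`qt-everywhere-opensource-src-4.8.7/`). A build log showing the patch being applied would settle it.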