diff --git a/backport-CVE-2024-45490-lib-Reject-negative-len-for-XML_ParseBuffer.patch b/backport-CVE-2024-45490-lib-Reject-negative-len-for-XML_ParseBuffer.patch
new file mode 100644
index 0000000000000000000000000000000000000000..944527a18691f5121ebe77dc85bf8e91fbd6a5e2
--- /dev/null
+++ b/backport-CVE-2024-45490-lib-Reject-negative-len-for-XML_ParseBuffer.patch
@@ -0,0 +1,61 @@
+From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping
+Date: Mon, 19 Aug 2024 22:26:07 +0200
+Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer
+
+Reported by TaiYou
+
+Conflict:file path adapt
+add error code XML_ERROR_INVALID_ARGUMENT
+parser->m_errorCode => errorCode
+return XML_STATUS_ERROR => return 0
+context adapt
+Reference:https://github.com/libexpat/libexpat/commit/5c1a31642e243f4870c0bd1f2afc7597976521bf
+---
+ lib/expat/xmlparse/xmlparse.c | 8 +++++++-
+ lib/expat/xmlparse/xmlparse.h | 3 ++-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
+index 8087360..d2363da 100644
+--- a/lib/expat/xmlparse/xmlparse.c
++++ b/lib/expat/xmlparse/xmlparse.c
+@@ -4810,6 +4810,11 @@ xmlrpc_XML_ParseBuffer(XML_Parser const xmlParserP,
+ return 0;
+ }
+
++ if (len < 0) {
++ errorCode = XML_ERROR_INVALID_ARGUMENT;
++ return 0;
++ }
++
+ parser->m_positionPtr = start;
+ parser->m_bufferEnd += len;
+ parser->m_parseEndByteIndex += len;
+@@ -5017,7 +5022,8 @@ xmlrpc_XML_ErrorString(int const code) {
+ /* UNCLOSED_CDATA_SECTION */ XML_T("unclosed CDATA section"),
+ /* EXTERNAL_ENTITY_HANDLING */
+ XML_T("error in processing external entity reference"),
+- /* NOT_STANDALONE */ XML_T("document is not standalone")
++ /* NOT_STANDALONE */ XML_T("document is not standalone"),
++ /* INVALID_ARGUMENT */ XML_T("invalid argument")
+ };
+
+ const XML_LChar * retval;
+diff --git a/lib/expat/xmlparse/xmlparse.h b/lib/expat/xmlparse/xmlparse.h
+index 76cf0db..63133ba 100644
+--- a/lib/expat/xmlparse/xmlparse.h
++++ b/lib/expat/xmlparse/xmlparse.h
+@@ -518,7 +518,8 @@ enum XML_Error {
+ XML_ERROR_INCORRECT_ENCODING,
+ XML_ERROR_UNCLOSED_CDATA_SECTION,
+ XML_ERROR_EXTERNAL_ENTITY_HANDLING,
+- XML_ERROR_NOT_STANDALONE
++ XML_ERROR_NOT_STANDALONE,
++ XML_ERROR_INVALID_ARGUMENT
+ };
+
+/* If xmlrpc_XML_Parse or xmlrpc_XML_ParseBuffer have
returned 0, then
+--
+2.33.0
+
diff --git a/backport-CVE-2024-45491-lib-Detect-integer-overflow-in-dtdCopy.patch b/backport-CVE-2024-45491-lib-Detect-integer-overflow-in-dtdCopy.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3cf4bd45235172acdce6756cbf2b42514525199b
--- /dev/null
+++ b/backport-CVE-2024-45491-lib-Detect-integer-overflow-in-dtdCopy.patch
@@ -0,0 +1,37 @@
+From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping
+Date: Mon, 19 Aug 2024 22:34:13 +0200
+Subject: [PATCH] lib: Detect integer overflow in dtdCopy
+
+Reported by TaiYou
+
+Conflict:context adapt
+Reference:https://github.com/libexpat/libexpat/commit/8e439a9947e9dc80a395c0c7456545d8d9d9e421
+---
+ lib/expat/xmlparse/xmlparse.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c
+index 91682c18..e2327bdc 100644
+--- a/lib/expat/xmlparse/xmlparse.c
++++ b/lib/expat/xmlparse/xmlparse.c
+@@ -7016,6 +7016,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd)
+ if (!newE)
+ return 0;
+ if (oldE->nDefaultAtts) {
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((size_t)oldE->nDefaultAtts
++ > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
++ return 0;
++ }
++#endif
+ newE->defaultAtts = (DEFAULT_ATTRIBUTE *)
+ malloc(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
+ if (!newE->defaultAtts)
+--
+2.33.0
+
diff --git a/xmlrpc-c.spec b/xmlrpc-c.spec
index 435d328588847ff0973a757ade7a02953f3375c7..4d31e6574aa03035e845b7c7ba57370eb858d59f 100644
--- a/xmlrpc-c.spec
+++ b/xmlrpc-c.spec
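Review bot: In the CVE-2024-45490 backport, the new `if (len < 0)` guard in `xmlrpc_XML_ParseBuffer` closes only this one entry point, and nothing on the page shows whether the sibling `xmlrpc_XML_Parse` in this bundled fork also rejects a negative length. Upstream Expat's `XML_Parse` already does, but the "Conflict:" notes show this copy has diverged (different error variable, `return 0` instead of `XML_STATUS_ERROR`), so that precondition should be confirmed against the fork rather than assumed. I would also put a why-comment above the guard, for example `/* CVE-2024-45490: a negative len would move m_bufferEnd and m_parseEndByteIndex backwards */`, because the arithmetic it protects sits directly below it. The body of `xmlrpc_XML_ParseBuffer` starts and ends outside the hunk, and no regression test for a negative `len` accompanies the backport.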
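Review bot: In the CVE-2024-45491 backport, the overflow check in `dtdCopy` is compiled only under `#if UINT_MAX >= SIZE_MAX`, and the patch adds no `#include`, so it depends on the bundled `xmlparse.c` already pulling in `<limits.h>` and `<stdint.h>`. Inside `#if` an undefined `UINT_MAX` evaluates to 0, which makes the condition false whenever `SIZE_MAX` is defined and silently drops the guard on the 32-bit targets it exists for. The fork's include list is not visible here, so I would pin the assumption down near the top of the file with `#if !defined(UINT_MAX) || !defined(SIZE_MAX)` / `#error "dtdCopy overflow guard needs <limits.h> and <stdint.h>"` / `#endif`. `dtdCopy` starts and ends outside the hunk.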
@@ -1,6 +1,6 @@ Name: xmlrpc-c Version: 1.51.08 -Release: 2 +Release: 3 Summary: Library implementing XML-based Remote Procedure Calls License: BSD and MIT URL: http://xmlrpc-c.sourceforge.net/ @@ -9,6 +9,8 @@ Source0: https://sourceforge.net/projects/xmlrpc-c/files/Xmlrpc-c%20Super Patch0001: backport-0001-xmlrpc_server_abyss-use-va_args-properly.patch Patch0003: backport-0001-add-meson-buildsystem-definitions.patch Patch0004: backport-0002-chmod-x-xml-rpc-api2txt.patch +Patch0005: backport-CVE-2024-45490-lib-Reject-negative-len-for-XML_ParseBuffer.patch +Patch0006: backport-CVE-2024-45491-lib-Detect-integer-overflow-in-dtdCopy.patch BuildRequires: git-core meson >= 0.36.0 gcc gcc-c++ ncurses-devel BuildRequires: libcurl-devel readline-devel pkgconfig(openssl) @@ -75,6 +77,12 @@ Header files for xmlrpc-c. %{_mandir}/man1/* %changelog +* Tue Sep 10 2024 zhouyihang - 1.51.08-3 +- Type:CVE +- CVE:CVE-2024-45490 CVE-2024-45491 +- SUG:NA +- DESC:fix CVE-2024-45490 CVE-2024-45491 + * Mon Jun 20 2022 xinghe - 1.51.08-2 - Type:requirement - Id:NA