diff --git a/dist b/dist
index 89c1faffc18349bb12eee2371e9dc43bf419b95c..635820538d487259e6dce4499a172e3066902da5 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an9
+an9_5
diff --git a/emacs-man-el-shell-injection-vulnerability.patch b/emacs-man-el-shell-injection-vulnerability.patch
new file mode 100644
index 0000000000000000000000000000000000000000..584d9fffd2898a05238f3e25c15652ca0c712d54
--- /dev/null
+++ b/emacs-man-el-shell-injection-vulnerability.patch
@@ -0,0 +1,57 @@
+From 820f0793f0b46448928905552726c1f1b999062f Mon Sep 17 00:00:00 2001
+From: Xi Lu
+Date: Tue, 10 Oct 2023 22:20:05 +0800
+Subject: Fix man.el shell injection vulnerability
+
+* lisp/man.el (Man-translate-references): Fix shell injection
+vulnerability. (Bug#66390)
+* test/lisp/man-tests.el (man-tests-Man-translate-references): New
+test.
+---
+ lisp/man.el | 6 +++++-
+ test/lisp/man-tests.el | 12 ++++++++++++
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/lisp/man.el b/lisp/man.el
+index 55cb938..d963964 100644
+--- a/lisp/man.el
++++ b/lisp/man.el
+@@ -761,7 +761,11 @@ and the `Man-section-translations-alist' variables)."
+ (setq name (match-string 2 ref)
+ section (match-string 1 ref))))
+ (if (string= name "")
+- ref ; Return the reference as is
++ ;; see Bug#66390
++ (mapconcat 'identity
++ (mapcar #'shell-quote-argument
++ (split-string ref "\\s-+"))
++ " ") ; Return the reference as is
+ (if Man-downcase-section-letters-flag
+ (setq section (downcase section)))
+ (while slist
+diff --git a/test/lisp/man-tests.el b/test/lisp/man-tests.el
+index 140482e..11f5f80 100644
+--- a/test/lisp/man-tests.el
++++ b/test/lisp/man-tests.el
+@@ -161,6 +161,18 @@ DESCRIPTION
+ (let ((button (button-at (match-beginning 0))))
+ (should (and button (eq 'Man-xref-header-file (button-type button))))))))))
+
++(ert-deftest man-tests-Man-translate-references ()
++ (should (equal (Man-translate-references "basename")
++ "basename"))
++ (should (equal (Man-translate-references "basename(3)")
++ "3 basename"))
++ (should (equal (Man-translate-references "basename(3v)")
++ "3v basename"))
++ (should (equal (Man-translate-references ";id")
++ "\\;id"))
++ (should (equal (Man-translate-references "-k basename")
++ "-k basename")))
++
+ (provide 'man-tests)
+
+ ;;; man-tests.el ends here
+--
+cgit v1.1
+
diff --git a/emacs.spec b/emacs.spec
index aa8000f7c69f1d62163c23f9b8b041ff69fcf356..8cdaef861387e500459dd64d248385cb46bd92f6 100644
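Review bot: The trailing comment `; Return the reference as is` on the new `(mapconcat ...)` form in lisp/man.el is no longer true, because the reference is now split on whitespace and each word goes through `shell-quote-argument`; it should read something like `; Quote each word so the shell cannot interpret it`. `split-string` is called without OMIT-NULLS, so a reference with leading or trailing whitespace yields empty strings that `shell-quote-argument` renders as `''`, and none of the new test cases covers that input; `(split-string ref "\\s-+" t)` would avoid it if callers do not already trim, which is not visible here. The quoting is applied only in the `(string= name "")` branch, and the rest of `Man-translate-references` lies outside the hunk, so whether the name/section path is constrained by its regexp should be confirmed there. The `"-k basename"` test also records that words starting with `-` still reach man as options, which looks intended but is worth stating in the docstring.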
--- a/emacs.spec
+++ b/emacs.spec
@@ -6,7 +6,7 @@ Summary: GNU Emacs text editor
 Name: emacs
 Epoch: 1
 Version: 27.2
-Release: 10%{anolis_release}%{?dist}
+Release: 11%{anolis_release}%{?dist}.1
 License: GPLv3+ and CC0-1.0
 URL: http://www.gnu.org/software/emacs/
 Source0: https://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
@@ -38,6 +38,7 @@ Patch10: emacs-consider-org-file-contents-unsafe.patch
 Patch11: emacs-mark-contents-untrusted.patch
 Patch12: emacs-latex-preview.patch
 Patch13: emacs-org-link-expand-abbrev-unsafe-elisp.patch
+Patch14: emacs-man-el-shell-injection-vulnerability.patch
 BuildRequires: gcc
 # Add by Anolis
 Patch1001: 1001-emacs-add-sw.patch
@@ -211,19 +212,20 @@ Doc pages for %{name}. %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %setup -q -%patch1 -p1 -b .spellchecker -%patch2 -p1 -b .system-crypto-policies -%patch3 -p1 -b .glibc2.34 -%patch4 -p1 -b .ctags-local-command-execute-vulnerability -%patch5 -p1 -b .64KB-page-size-for-pdump -%patch6 -p1 -b .etags-local-command-injection-vulnerability -%patch7 -p1 -b .htmlfontify-command-injection-vulnerability -%patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability -%patch9 -p1 -b .ob-latex-command-injection-vulnerability -%patch10 -p1 -b .consider-org-file-contents-unsafe -%patch11 -p1 -b .mark-contents-untrusted -%patch12 -p1 -b .latex-preview -%patch13 -p1 -b .org-link-expand-abbrev-unsafe-elisp +%patch -P 1 -p1 -b .spellchecker +%patch -P 2 -p1 -b .system-crypto-policies +%patch -P 3 -p1 -b .glibc2.34 +%patch -P 4 -p1 -b .ctags-local-command-execute-vulnerability +%patch -P 5 -p1 -b .64KB-page-size-for-pdump +%patch -P 6 -p1 -b .etags-local-command-injection-vulnerability +%patch -P 7 -p1 -b .htmlfontify-command-injection-vulnerability +%patch -P 8 -p1 -b .ruby-mode-local-command-injection-vulnerability +%patch -P 9 -p1 -b .ob-latex-command-injection-vulnerability +%patch -P 10 -p1 -b .consider-org-file-contents-unsafe +%patch -P 11 -p1 -b .mark-contents-untrusted +%patch -P 12 -p1 -b .latex-preview +%patch -P 13 -p1 -b .org-link-expand-abbrev-unsafe-elisp +%patch -P 14 -p1 -b .man-el-shell-injection-vulnerability %ifarch loongarch64 %_update_config_guess 
@@ -526,11 +528,18 @@ rm %{buildroot}%{_datadir}/icons/hicolor/scalable/mimetypes/emacs-document23.svg %doc doc/NEWS BUGS README %changelog -* Fri Nov 15 2024 Xiaoping Liu - 1:27.2-10.0.1 +* Fri Feb 28 2025 Xiaoping Liu - 1:27.2-11.0.1.1 - Add doc sub package - update config.sub and config.guess for loongarch64 (Jingyun Hua) - cherry-pick `add sw patch #349896d0a48b80b530cfa5cc2bd1fc4ceff68e42`. (nijie@wxiat.com) +* Mon Feb 24 2025 Jacek Migacz - 1:27.2-11.el9_5.1 +- Fix man.el shell injection vulnerability (RHEL-79021) +- Eliminate use of obsolete patch syntax (RHEL-80450) + +* Wed Feb 19 2025 Jacek Migacz - 1:27.2-11 +- Fix man.el shell injection vulnerability (RHEL-79025) + * Fri Mar 15 2024 Jacek Migacz - 1:27.2-10 - Disable xwidgets (RHEL-14551) - org-file-contents: Consider all remote files unsafe (CVE-2024-30205)