diff --git a/download b/download
new file mode 100644
index 0000000000000000000000000000000000000000..ca810a085664699017a66935be187ff3634a1feb
--- /dev/null
+++ b/download
@@ -0,0 +1 @@
+ce356906a249ac21a93d63ccafb27609 pymongo-3.7.0.tar.gz
diff --git a/pymongo-3.7.0.tar.gz b/pymongo-3.7.0.tar.gz
deleted file mode 100644
index 4159fb264fa330582b5896284bba6a4a570081ac..0000000000000000000000000000000000000000
Binary files a/pymongo-3.7.0.tar.gz and /dev/null differ
diff --git a/pymongo-CVE-2024-5629.patch b/pymongo-CVE-2024-5629.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f038666d7114787e1de859f808b6376ee2e4cc4a
--- /dev/null
+++ b/pymongo-CVE-2024-5629.patch
@@ -0,0 +1,33 @@
+Backported upstream commit https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2
+Fixed CVE-2024-5629
+diff -ur mongo-python-driver-3.7.0/bson/_cbsonmodule.c mongo_patch/bson/_cbsonmodule.c
+--- mongo-python-driver-3.7.0/bson/_cbsonmodule.c 2018-06-26 18:08:42.000000000 +0000
++++ mongo_patch/bson/_cbsonmodule.c 2025-04-06 07:06:48.259986820 +0000
+@@ -2280,6 +2280,7 @@
+ uint32_t c_w_s_size;
+ uint32_t code_size;
+ uint32_t scope_size;
++ uint32_t len;
+ PyObject* code;
+ PyObject* scope;
+ PyObject* code_type;
+@@ -2299,7 +2300,8 @@
+ memcpy(&code_size, buffer + *position, 4);
+ code_size = BSON_UINT32_FROM_LE(code_size);
+ /* code_w_scope length + code length + code + scope length */
+- if (!code_size || max < code_size || max < 4 + 4 + code_size + 4) {
++ len = 4 + 4 + code_size + 4;
++ if (!code_size || max < code_size || max < len || len < code_size) {
+ goto invalid;
+ }
+ *position += 4;
+@@ -2322,7 +2324,8 @@
+ goto invalid;
+ }
+ /* code length + code + scope length + scope */
+- if ((4 + code_size + 4 + scope_size) != c_w_s_size) {
++ len = 4 + 4 + code_size + scope_size;
++ if (scope_size < BSON_MIN_SIZE || len != c_w_s_size || len < scope_size) {
+ Py_DECREF(code);
+ goto invalid;
+ }
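Review bot: The `len < code_size` test added at the embedded +2300 hunk and the `len < scope_size` test at the +2324 hunk are the wrap-around guards for the uint32_t sums, but neither line says so, and next to `max < len` they read as redundant and could be dropped in a later cleanup. A comment such as `/* len < code_size only if the 32-bit sum wrapped */` on the first and `/* wrap check: relies on the earlier test bounding code_size below UINT32_MAX - 12 */` on the second would make the intent durable. The first guard is exact on its own because the only other addend is the constant 12; the second detects a wrap only because code_size has already passed the first check, so the two checks must keep this order. The surrounding function, including the read of scope_size and any bound of it against max, lies outside the embedded hunks, so whether scope_size is independently limited cannot be confirmed from this patch.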
diff --git a/python-pymongo.spec b/python-pymongo.spec
index f35a0f112561dc1cf94a8844ce9ec805eb9191ca..f85f07976013bc8d8b9b9d22d0505c6a4d32cb57 100644
--- a/python-pymongo.spec
+++ b/python-pymongo.spec
@@ -23,7 +23,7 @@ Name: python-pymongo
 Version: 3.7.0
-Release: 1%{anolis_release}%{?dist}
+Release: 2%{anolis_release}%{?dist}
 # All code is ASL 2.0 except bson/time64*.{c,h} which is MIT
 License: ASL 2.0 and MIT
@@ -38,6 +38,7 @@ ExclusiveArch: %{mongodb_arches}
 # and CVE-2013-2099, and wasn't needed anyway since Fedora >= 22 has the needed module in the Python
 # standard library. It also adjusts imports so that they exclusively use the code from Python.
 Patch01: 0001-Use-ssl.match_hostname-from-the-Python-stdlib.patch
+Patch02: pymongo-CVE-2024-5629.patch
 %if %{with tests}
 %ifnarch armv7hl ppc64 s390 s390x
@@ -163,6 +164,7 @@ contains the python3 version of this module.
 %prep
 %setup -q -n mongo-python-driver-%{version}
 %patch01 -p1 -b .ssl
+%patch02 -p1
 # Remove the bundled ssl.match_hostname library as it was vulnerable to CVE-2013-7440
 # and CVE-2013-2099, and isn't needed anyway since Fedora >= 22 has the needed module in the Python
@@ -286,9 +288,12 @@ pkill mongod
 %changelog
-* Tue Jan 25 2022 Liwei Ge - 3.7.0-1.0.1
+* Wed Jun 04 2025 Liwei Ge - 3.7.0-2.0.1
 - Add loongarch64 platform support
+* Fri Apr 04 2025 Filip Janus - 3.7.0-2
+- Backport CVE-2024-5629
+
 * Fri Oct 09 2020 Lukas Javorsky - 3.7.0-1
 - Rebase to 3.7.0
 - Includes new SCRAM-SHA-256 authentication
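Review bot: `Patch02: pymongo-CVE-2024-5629.patch` at the +38 hunk is added without the explanatory comment that Patch01 carries two lines above it, so a reader of the spec has to open the patch file to learn what it changes. A one-line comment before it, `# Backport of upstream commit 56b6b6dbc267 fixing CVE-2024-5629 (length/overflow checks in bson code_w_scope decoding)`, would match the existing style. The patch is applied as `%patch02 -p1` at the +164 hunk with no `-b` suffix, unlike `%patch01 -p1 -b .ssl`; that is harmless but inconsistent with the line above it.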