diff --git a/libproxy-0.4.15-fix-CVE-2020-25219.patch b/libproxy-0.4.15-fix-CVE-2020-25219.patch
new file mode 100644
index 0000000000000000000000000000000000000000..15c8c1ff2a2dbab64aa9288deb3b61f303f17d39
--- /dev/null
+++ b/libproxy-0.4.15-fix-CVE-2020-25219.patch
@@ -0,0 +1,58 @@
+From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Wed, 9 Sep 2020 11:12:02 -0500
+Subject: [PATCH] Rewrite url::recvline to be nonrecursive
+ 
+This function processes network input. It's semi-trusted, because the
+PAC ought to be trusted. But we still shouldn't allow it to control how
+far we recurse. A malicious PAC can cause us to overflow the stack by
+sending a sufficiently-long line without any '\n' character.
+ 
+Also, this function failed to properly handle EINTR, so let's fix that
+too, for good measure.
+ 
+Fixes #134
+---
+ libproxy/url.cpp | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+ 
+diff --git a/libproxy/url.cpp b/libproxy/url.cpp
+index ee776b2..68d69cd 100644
+--- a/libproxy/url.cpp
++++ b/libproxy/url.cpp
+@@ -386,16 +386,24 @@ string url::to_string() const {
+ 	return m_orig;
+ }
+ 
+-static inline string recvline(int fd) {
+-	// Read a character.
+-	// If we don't get a character, return empty string.
+-	// If we are at the end of the line, return empty string.
+-	char c = '\0';
+-	
+-	if (recv(fd, &c, 1, 0) != 1 || c == '\n')
+-		return "";
+-
+-	return string(1, c) + recvline(fd);
++static string recvline(int fd) {
++	string line;
++	int ret;
++
++	// Reserve arbitrary amount of space to avoid small memory reallocations.
++	line.reserve(128);
++
++	do {
++		char c;
++		ret = recv(fd, &c, 1, 0);
++		if (ret == 1) {
++			if (c == '\n')
++				return line;
++			line += c;
++		}
++	} while (ret == 1 || (ret == -1 && errno == EINTR));
++
++	return line;
+ }
+ 
+ char* url::get_pac() {
+ 
\ No newline at end of file
diff --git a/libproxy.spec b/libproxy.spec
index c1b87fe1f1c0a172a3af56cb05e5184034dabe98..de2d2be52816e33ce9eb0159fc7b1fde063eb488 100644
--- a/libproxy.spec
+++ b/libproxy.spec
@@ -1,6 +1,6 @@
 Name:           libproxy
 Version:        0.4.15
-Release:        16
+Release:        17
 Summary:        Libproxy is a library that provides automatic proxy configuration management
 
 License:        LGPLv2+
@@ -15,9 +15,10 @@ Patch1:         libproxy-0.4.11-crash.patch
 Patch2:         libproxy-0.4.15-python3738.patch
 Patch3:         libproxy-0.4.15-mozjs52.patch
 Patch4:         Fix-buffer-overflow-when-PAC-is-enabled.patch 
-Patch5: 	libproxy-0.4.15-mozjs60.patch
-Patch6:		libproxy-0.4.15-mozjs68.patch
-Patch7:		libproxy-0.4.15-mozjs-use-after-free.patch
+Patch5:         libproxy-0.4.15-mozjs60.patch
+Patch6:         libproxy-0.4.15-mozjs68.patch
+Patch7:         libproxy-0.4.15-mozjs-use-after-free.patch
+Patch8:         libproxy-0.4.15-fix-CVE-2020-25219.patch
 
 
 BuildRequires:  cmake >= 2.6.0 gcc-c++
@@ -127,6 +128,12 @@ make test
 %{_mandir}/man1/proxy.1*
 
 %changelog
+* Thu Oct 29 liuxin <liuxin264@huawei.com> - 0.4.15-17
+- Type:cves
+- Id:NA
+- SUG:NA
+- DESC:Disable mozjs backend by default and fix CVE-2020-25219
+
 * Tue Oct 27 orange-snn <songnannan2@huawei.com> - 0.4.15-16
 - change the mozjs52 to mozjs68 in buildRequires