diff --git a/0002-fix-caps-parameter-cannot-be-parsed.patch b/0002-fix-caps-parameter-cannot-be-parsed.patch
index 3ddcced02b91f35e1d13f653344041bef651b2ed..8322c80112b6d14ce48ba4894b3cb0d1a2d27ffa 100644
--- a/0002-fix-caps-parameter-cannot-be-parsed.patch
+++ b/0002-fix-caps-parameter-cannot-be-parsed.patch
@@ -5,24 +5,30 @@ Subject: [PATCH] fix caps parameter cannot be parsed
 
 Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
 Signed-off-by: zhoushuiqing <zhoushuiqing2@huawei.com>
+Signed-off-by: xuce <xuce10@h-parnters.com>
+
 ---
- src/evmctl.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ src/evmctl.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 70d07a5..19175b8 100644
+index 3748c31..6c99685 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -472,14 +472,14 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -472,14 +472,17 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  		} else if (!strcmp(*xattrname, XATTR_NAME_CAPS) && (hmac_flags & HMAC_FLAG_CAPS_SET)) {
  			if (!caps_str)
  				continue;
 -			err = strlen(caps_str);
-+			hex2bin(xattr_value, caps_str, strlen(caps_str) >> 1);
 +			err = strlen(caps_str) >> 1;
  			if (err >= sizeof(xattr_value)) {
  				log_err("caps[%u] value is too long to fit into xattr[%zu]\n",
- 					err + 1, sizeof(xattr_value));
+-					err + 1, sizeof(xattr_value));
++					err, sizeof(xattr_value));
++				err = -1;
++				goto out;
++			}
++			if (hex2bin(xattr_value, caps_str, strlen(caps_str) >> 1)) {
  				err = -1;
  				goto out;
  			}
@@ -31,5 +37,5 @@ index 70d07a5..19175b8 100644
  			err = lgetxattr(file, *xattrname, xattr_value, sizeof(xattr_value));
  			if (err < 0) {
 -- 
-2.33.0
+2.43.0
 
diff --git a/ima-evm-utils.spec b/ima-evm-utils.spec
index a2bbf0a9a95d497a9b20df387e68886e3bf4eed8..31ee309e99a6ff7df807b830d61b9cde049a6321 100644
--- a/ima-evm-utils.spec
+++ b/ima-evm-utils.spec
@@ -1,6 +1,6 @@
 Name:         ima-evm-utils
 Version:      1.5
-Release:      1
+Release:      2
 Summary:      IMA/EVM control utilities
 License:      GPLv2
 URL:          http://linux-ima.sourceforge.net/
@@ -80,6 +80,9 @@ make check
 %endif
 
 %changelog
+* Tue Dec 09 2025 Linux_zhang <zhangruifang@h-partners.com> - 1.5-2
+- fix the stack overflow vulnerability
+
 * Fri Jul 28 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 1.5-1
 - Upgrade to 1.5 with compatibility