diff --git a/CVE-2019-19977.patch b/CVE-2019-19977.patch
new file mode 100644
index 0000000..90c8b97
--- /dev/null
+++ b/CVE-2019-19977.patch
@@ -0,0 +1,69 @@
+From 9fc96e9f52b6b8ca67463289cde6d50b3d5911f9 Mon Sep 17 00:00:00 2001
+From: liaichun <liaichun@huawei.com>
+Date: Mon, 20 Apr 2020 14:35:35 +0800
+Subject: [PATCH] remove ntlm_build_type_2 to fix CVE-2019-19977
+
+---
+ ntlm/ntlm.h       |  2 --
+ ntlm/ntlmstruct.c | 32 --------------------------------
+ 2 files changed, 34 deletions(-)
+
+diff --git a/ntlm/ntlm.h b/ntlm/ntlm.h
+index 50a49d6..d5dae83 100644
+--- a/ntlm/ntlm.h
++++ b/ntlm/ntlm.h
+@@ -35,8 +35,6 @@ void ntlm_responses (unsigned char *lm_resp, unsigned char *nt_resp,
+ 
+ size_t ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
+ 			  const char *domain, const char *workstation);
+-size_t ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
+-			  const unsigned char *nonce, const char *domain);
+ size_t ntlm_build_type_3 (char *buf, size_t buflen,
+ 			  unsigned int flags,
+ 			  const unsigned char *lm_resp,
+diff --git a/ntlm/ntlmstruct.c b/ntlm/ntlmstruct.c
+index dfb80de..3167da7 100644
+--- a/ntlm/ntlmstruct.c
++++ b/ntlm/ntlmstruct.c
+@@ -218,38 +218,6 @@ ntlm_build_type_1 (char *buf, size_t buflen, unsigned int flags,
+   return offset;
+ }
+ 
+-/* Build a NTLM type 2 structure in the buffer */
+-size_t
+-ntlm_build_type_2 (char *buf, size_t buflen, unsigned int flags,
+-                   const unsigned char *nonce, const char *domain)
+-{
+-  size_t offset = T2SIZE;
+-  size_t len;
+-  char string[256];
+-  unsigned char *up;
+-
+-  if (buflen < offset)
+-    return 0;
+-  memcpy (buf, NTLMSSP, 8);
+-  write_uint32 (buf, MSGTYPE, 2);
+-  up = NULL;
+-  len = 0;
+-  if (domain != NULL)
+-    {
+-      len = strlen (domain);
+-      if (offset + 2 * len > buflen)
+-	return 0;
+-      up = nt_unicode (lm_uccpy (string, len, domain), 2 * len);
+-    }
+-  write_string (buf, T2AUTHTARGET, &offset, up, len);
+-  if (up != NULL)
+-    free (up);
+-  write_uint32 (buf, T2FLAGS, flags);
+-  memcpy (buf + T2NONCE, nonce, 8);
+-  memset (buf + T2RESERVED, 0, 8);
+-  return offset;
+-}
+-
+ /* Build a NTLM type 3 structure in the buffer */
+ size_t
+ ntlm_build_type_3 (char *buf, size_t buflen, unsigned int flags,
+-- 
+1.8.3.1
+
diff --git a/libesmtp.spec b/libesmtp.spec
index 2811968..b34c125 100644
--- a/libesmtp.spec
+++ b/libesmtp.spec
@@ -2,13 +2,14 @@
 
 Name:           libesmtp
 Version:        1.0.6
-Release:        18
+Release:        19
 Summary:        A library for posting electronic mail
 License:        LGPLv2+
 
 URL:            https://www.stafford.uklinux.net/%{name}/
 Source:         https://www.stafford.uklinux.net/%{name}/%{name}-%{version}.tar.bz2
 Patch0:         libesmtp-1.0.6-openssl-1.1.patch
+Patch1:         CVE-2019-19977.patch
 BuildRequires:  gcc openssl-devel pkgconfig autoconf automake libtool
 
 %description
@@ -93,6 +94,12 @@ install -p -m 644 -D %{name}.pc %{buildroot}%{_libdir}/pkgconfig/%{name}.pc
 %doc NEWS Notes README
 
 %changelog
+* Mon Apr 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.0.6-19
+- Type:cves
+- ID:CVE-2019-19977
+- SUG:NA
+- DESC:remove ntlm_build_type_2() to fix CVE-2019-19977
+ 
 * Mon Oct 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.0.6-18
 - Type:enhancement
 - Id:NA