diff --git a/CVE-2020-28896.patch b/CVE-2020-28896.patch
new file mode 100644
index 0000000..7d37af0
--- /dev/null
+++ b/CVE-2020-28896.patch
@@ -0,0 +1,27 @@
+From 7a0bd4a7535eba5a6c7893803091a7d6e07cc15d Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Thu, 7 Jan 2021 10:43:55 +0800
+Subject: [PATCH] Ensure IMAP connection is closed after a connection error.
+
+---
+ imap/imap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/imap/imap.c b/imap/imap.c
+index 0c3b79d..5256035 100644
+--- a/imap/imap.c
++++ b/imap/imap.c
+@@ -508,9 +508,9 @@ int imap_open_connection (IMAP_DATA* idata)
+ 
+ #if defined(USE_SSL)
+  err_close_conn:
+-  imap_close_connection (idata);
+ #endif
+  bail:
++  imap_close_connection (idata);
+   FREE (&idata->capstr);
+   return -1;
+ }
+-- 
+2.23.0
+
diff --git a/mutt.spec b/mutt.spec
index 92e81f0..2c64f43 100644
--- a/mutt.spec
+++ b/mutt.spec
@@ -1,6 +1,6 @@
 Name:           mutt
 Version:        1.10.1
-Release:        2
+Release:        3
 Epoch:          5
 Summary:        Text-based mail client
 License:        GPLv2+ and Public Domain
@@ -15,6 +15,7 @@ Patch2:         mutt-1.8.0-cabundle.patch
 Patch3:         mutt-1.7.0-syncdebug.patch
 Patch8:         mutt-1.5.23-system_certs.patch
 Patch9:         mutt-1.9.0-ssl_ciphers.patch
+Patch13:        CVE-2020-28896.patch
 
 BuildRequires:  gcc ncurses-devel gettext automake /usr/bin/xsltproc
 BuildRequires:  lynx docbook-style-xsl perl-interpreter perl-generators
@@ -119,5 +120,8 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
 %{_mandir}/man5/muttrc.*
 
 %changelog
+* Thu Jan 07 2021 wangyue<wangyue92@huawei.com> - 1.10.1-3
+- fix CVE-2020-28896
+
 * Tue Nov 19 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.10.1-2
-- Package init
\ No newline at end of file
+- Package init