diff --git a/CVE-2023-41040.patch b/CVE-2023-41040.patch
deleted file mode 100644
index 2cba63f..0000000
--- a/CVE-2023-41040.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 64ebb9fcdfbe48d5d61141a557691fd91f1e88d6 Mon Sep 17 00:00:00 2001
-From: Facundo Tuesca
-Date: Tue, 5 Sep 2023 09:51:50 +0200
-Subject: [PATCH] Fix CVE-2023-41040
-
-This change adds a check during reference resolving to see if it
-contains an up-level reference ('..'). If it does, it raises an
-exception.
-
-This fixes CVE-2023-41040, which allows an attacker to access files
-outside the repository's directory.
----
- git/refs/symbolic.py | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/git/refs/symbolic.py b/git/refs/symbolic.py
-index 33c3bf15b..5c293aa7b 100644
---- a/git/refs/symbolic.py
-+++ b/git/refs/symbolic.py
-@@ -168,6 +168,8 @@ def _get_ref_info_helper(
- """Return: (str(sha), str(target_ref_path)) if available, the sha the file at
- rela_path points to, or None. target_ref_path is the reference we
- point to, or None"""
-+ if ".." in str(ref_path):
-+ raise ValueError(f"Invalid reference '{ref_path}'")
- tokens: Union[None, List[str], Tuple[str, str]] = None
- repodir = _git_dir(repo, ref_path)
- try:
diff --git a/GitPython-3.1.32.tar.gz b/GitPython-3.1.32.tar.gz
deleted file mode 100644
index 2f171be..0000000
Binary files a/GitPython-3.1.32.tar.gz and /dev/null differ
diff --git a/GitPython-3.1.40.tar.gz b/GitPython-3.1.40.tar.gz
new file mode 100644
index 0000000..ac085d1
Binary files /dev/null and b/GitPython-3.1.40.tar.gz differ
diff --git a/python-GitPython.spec b/python-GitPython.spec
index e4e0761..663cb05 100644
--- a/python-GitPython.spec
+++ b/python-GitPython.spec
@@ -1,13 +1,11 @@
 %global _empty_manifest_terminate_build 0
 Name: python-GitPython
-Version: 3.1.32
-Release: 2
+Version: 3.1.40
+Release: 1
 Summary: GitPython is a python library used to interact with Git repositories
 License: BSD-3-Clause
 URL: https://github.com/gitpython-developers/GitPython
-Source0: https://files.pythonhosted.org/packages/5f/11/2b0f60686dbda49028cec8c66bd18a5e82c96d92eef4bc34961e35bb3762/GitPython-3.1.32.tar.gz
-# https://github.com/gitpython-developers/GitPython/commit/64ebb9fcdfbe48d5d61141a557691fd91f1e88d6
-Patch0: CVE-2023-41040.patch
+Source0: https://files.pythonhosted.org/packages/0d/b2/37265877ae607a2cbf9a471f4581dbf5ed13a501b90cb4c773f9ccfff3ea/GitPython-3.1.40.tar.gz
 BuildArch: noarch
 %description
@@ -83,6 +81,9 @@ mv %{buildroot}/doclist.lst .
 %{_docdir}/*
 %changelog
+* Fri Nov 03 2023 jiangxinyu - 3.1.40-1
+- Update package to version 3.1.40
+
 * Mon Sep 11 2023 yaoxin - 3.1.32-2
 - Fix CVE-2023-41040
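Review bot: Dropping `Patch0: CVE-2023-41040.patch` (and the comment pointing at upstream commit 64ebb9fcdfbe48d5d61141a557691fd91f1e88d6) is only safe if the 3.1.40 tarball already carries that `..` check in git/refs/symbolic.py, and nothing in either hunk records that this was verified. The new changelog entry `* Fri Nov 03 2023 jiangxinyu - 3.1.40-1` says only `- Update package to version 3.1.40`; I would add a second bullet, `- Drop CVE-2023-41040.patch, fix is included upstream`, so the security fix remains traceable in the package history rather than appearing to have been silently removed. That 3.1.40 includes the fix is inferred from version ordering rather than visible here, so confirm it against the upstream release notes before merging.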