diff --git a/0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch b/0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch
deleted file mode 100644
index 1f69086..0000000
--- a/0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Christophe Fergeau <cfergeau@redhat.com>
-Date: Thu, 29 Nov 2018 14:18:39 +0100
-Subject: [PATCH] memslot: Fix off-by-one error in group/slot boundary check
-
-RedMemSlotInfo keeps an array of groups, and each group contains an
-array of slots. Unfortunately, these checks are off by 1, they check
-that the index is greater or equal to the number of elements in the
-array, while these arrays are 0 based. The check should only check for
-strictly greater than the number of elements.
-
-For the group array, this is not a big issue, as these memslot groups
-are created by spice-server users (eg QEMU), and the group ids used to
-index that array are also generated by the spice-server user, so it
-should not be possible for the guest to set them to arbitrary values.
-
-The slot id is more problematic, as it's calculated from a QXLPHYSICAL
-address, and such addresses are usually set by the guest QXL driver, so
-the guest can set these to arbitrary values, including malicious values,
-which are probably easy to build from the guest PCI configuration.
-
-This patch fixes the arrays bound check, and adds a test case for this.
-This fixes CVE-2019-3813.
-
-Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
----
- server/memslot.c                |  4 ++--
- server/tests/test-qxl-parsing.c | 30 ++++++++++++++++++++++++++++++
- 2 files changed, 32 insertions(+), 2 deletions(-)
-
-diff --git a/server/memslot.c b/server/memslot.c
-index ede77e7..ea6f981 100644
---- a/server/memslot.c
-+++ b/server/memslot.c
-@@ -97,13 +97,13 @@ void *memslot_get_virt(RedMemSlotInfo *info, QXLPHYSICAL addr, uint32_t add_size
- 
-     MemSlot *slot;
- 
--    if (group_id > info->num_memslots_groups) {
-+    if (group_id >= info->num_memslots_groups) {
-         spice_critical("group_id too big");
-         return NULL;
-     }
- 
-     slot_id = memslot_get_id(info, addr);
--    if (slot_id > info->num_memslots) {
-+    if (slot_id >= info->num_memslots) {
-         print_memslots(info);
-         spice_critical("slot_id %d too big, addr=%" PRIx64, slot_id, addr);
-         return NULL;
-diff --git a/server/tests/test-qxl-parsing.c b/server/tests/test-qxl-parsing.c
-index 47139a4..5b8d0f2 100644
---- a/server/tests/test-qxl-parsing.c
-+++ b/server/tests/test-qxl-parsing.c
-@@ -85,6 +85,31 @@ static void deinit_qxl_surface(QXLSurfaceCmd *qxl)
-     g_free(from_physical(qxl->u.surface_create.data));
- }
- 
-+static void test_memslot_invalid_group_id(void)
-+{
-+    RedMemSlotInfo mem_info;
-+    init_meminfo(&mem_info);
-+
-+    memslot_get_virt(&mem_info, 0, 16, 1);
-+}
-+
-+static void test_memslot_invalid_slot_id(void)
-+{
-+    RedMemSlotInfo mem_info;
-+    init_meminfo(&mem_info);
-+
-+    memslot_get_virt(&mem_info, 1 << mem_info.memslot_id_shift, 16, 0);
-+}
-+
-+static void test_memslot_invalid_addresses(void)
-+{
-+    g_test_trap_subprocess("/server/memslot-invalid-addresses/subprocess/group_id", 0, 0);
-+    g_test_trap_assert_stderr("*group_id too big*");
-+
-+    g_test_trap_subprocess("/server/memslot-invalid-addresses/subprocess/slot_id", 0, 0);
-+    g_test_trap_assert_stderr("*slot_id 1 too big*");
-+}
-+
- static void test_no_issues(void)
- {
-     RedMemSlotInfo mem_info;
-@@ -262,6 +287,11 @@ int main(int argc, char *argv[])
- {
-     g_test_init(&argc, &argv, NULL);
- 
-+    /* try to use invalid memslot group/slot */
-+    g_test_add_func("/server/memslot-invalid-addresses", test_memslot_invalid_addresses);
-+    g_test_add_func("/server/memslot-invalid-addresses/subprocess/group_id", test_memslot_invalid_group_id);
-+    g_test_add_func("/server/memslot-invalid-addresses/subprocess/slot_id", test_memslot_invalid_slot_id);
-+
-     /* try to create a surface with no issues, should succeed */
-     g_test_add_func("/server/qxl-parsing-no-issues", test_no_issues);
- 
diff --git a/cfergeau-29AC6C82.keyring b/cfergeau-29AC6C82.keyring
deleted file mode 100644
index 02d5c49..0000000
Binary files a/cfergeau-29AC6C82.keyring and /dev/null differ
diff --git a/spice-0.14.1.tar.bz2 b/spice-0.14.1.tar.bz2
deleted file mode 100644
index 400e5f5..0000000
Binary files a/spice-0.14.1.tar.bz2 and /dev/null differ
diff --git a/spice-0.14.1.tar.bz2.sign b/spice-0.14.1.tar.bz2.sign
deleted file mode 100644
index aa39b28..0000000
--- a/spice-0.14.1.tar.bz2.sign
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEElKn3VmH3emFoZJsjqdjCFCmsbIIFAlt9eDYACgkQqdjCFCms
-bIL79A//Zkp2FfqgBCJMjAr9Tmh4q8nnUV7O6SfapETPWug6tquLXVrqMz3i5CnI
-EnrxXGGZDI0GxSsncJrTkoHoZks6/Ov44hAEArDfYj3B/mhyv6w67kqdQdS9wSve
-2kMYjfTLn0Om3R9Q49izT9kG67bdxfPbxwnlI6qvTszjsjU/iM8Cx+7Opyt0+Jf4
-pIql7kHGCgxMFWzOJKlmsznsreV3NLCBxDUlRuFOjsAxnP3IdM2Ea+L3NeHgEBW5
-gOJrGfR7xUyxTC/D9M93siw3xQFfdu6NBlWXpjSJ92krCWdkSmnEmpiJ4pBOoHc9
-ggst4uoPaN/vLFIxUXvekjJoNXsNxqAPMtPxnujgRqshXrdDlEL2kXzfGlypFyEv
-hmTVMj9R7SJCj9eNIitaz0v1IDGb5nvOV9FTV4s4ils11+rjEHpworc/viWqKe47
-RE4Qy+TJ5sFW0rr/2HFjmQoq+cPTf2rrBJRBtB6sSlpTOQ9NekCrqXHL3HKbz1Vx
-SYtwWte8SaaqbrpzHAg+adWxzUJFS6A4a5ErtRVOlqINOKZofUbKctWryx/vZEJY
-moyBgnjnY2lWWjz132l4ZEWn99A0jCkA8mibEbSsqzzlrH8UnFsaYnUN85y6e5g8
-SlX1g3gdW1n2NV9Flf6iHs4tQ7azBqGP6GpzIlEbyLC0QTcfAHk=
-=FapA
------END PGP SIGNATURE-----
diff --git a/spice-0.14.3.tar.bz2 b/spice-0.14.3.tar.bz2
new file mode 100644
index 0000000..eab4a55
Binary files /dev/null and b/spice-0.14.3.tar.bz2 differ
diff --git a/spice-0.14.3.tar.bz2.sign b/spice-0.14.3.tar.bz2.sign
new file mode 100644
index 0000000..2b406f7
Binary files /dev/null and b/spice-0.14.3.tar.bz2.sign differ
diff --git a/spice.spec b/spice.spec
index cdc7690..88b4c69 100644
--- a/spice.spec
+++ b/spice.spec
@@ -1,5 +1,5 @@
 Name:           spice
-Version:        0.14.1
+Version:        0.14.3
 Release:        1
 Summary:        Implements the SPICE protocol
 Group:          User Interface/Desktops
@@ -7,13 +7,11 @@ License:        LGPLv2+
 URL:            https://www.spice-space.org/
 Source0:        https://www.spice-space.org/download/releases/%{name}-%{version}.tar.bz2
 Source1:        https://www.spice-space.org/download/releases/%{name}-%{version}.tar.bz2.sign
-Source2:        cfergeau-29AC6C82.keyring
-
-Patch1:         0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch
+Source2:        victortoso-E37A484F.keyring
 
 ExclusiveArch:  %{ix86} x86_64 %{arm} aarch64
 
-BuildRequires:  gcc pkgconfig glib2-devel spice-protocol  opus-devel git-core gnupg2
+BuildRequires:  gcc pkgconfig glib2-devel spice-protocol >= 0.14.0 opus-devel git-core gnupg2
 BuildRequires:  pixman-devel openssl-devel libjpeg-devel libcacard-devel cyrus-sasl-devel
 BuildRequires:  lz4-devel gstreamer1-devel gstreamer1-plugins-base-devel orc-devel 
 
@@ -69,9 +67,12 @@ install -d  %{buildroot}%{_libexecdir}
 
 %files help
 %defattr(-,root,root)
-%doc README NEWS
+%doc README
 
 %changelog
+* Tues Oct 4 2020 jinzhimin<jinzhimin2@huawei.com> - 0.14.3-1
+- update to 0.14.3
+
 * Fri Oct 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.14.0-6
 - Package init
 
diff --git a/victortoso-E37A484F.keyring b/victortoso-E37A484F.keyring
new file mode 100644
index 0000000..be91873
Binary files /dev/null and b/victortoso-E37A484F.keyring differ