diff --git a/6000-CVE-2018-16889.patch b/0001-CVE-2018-16889.patch
similarity index 100%
rename from 6000-CVE-2018-16889.patch
rename to 0001-CVE-2018-16889.patch
diff --git a/6001-CVE-2018-16846-1.patch b/0002-CVE-2018-16846-1.patch
similarity index 100%
rename from 6001-CVE-2018-16846-1.patch
rename to 0002-CVE-2018-16846-1.patch
diff --git a/6002-CVE-2018-16846-2.patch b/0003-CVE-2018-16846-2.patch
similarity index 100%
rename from 6002-CVE-2018-16846-2.patch
rename to 0003-CVE-2018-16846-2.patch
diff --git a/6003-CVE-2018-14662.patch b/0004-CVE-2018-14662.patch
similarity index 100%
rename from 6003-CVE-2018-14662.patch
rename to 0004-CVE-2018-14662.patch
diff --git a/0005-CVE-2020-12059.patch b/0005-CVE-2020-12059.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4096aa484d3e75aab8e035132bd584e9d6db3584
--- /dev/null
+++ b/0005-CVE-2020-12059.patch
@@ -0,0 +1,30 @@
+From 375d926a4f2720a29b079c216bafb884eef985c3 Mon Sep 17 00:00:00 2001
+From: Abhishek Lekshmanan <abhishek@suse.com>
+Date: Wed, 22 Apr 2020 11:24:34 +0200
+Subject: [PATCH] rgw: check for tagging element in POST Obj requests
+
+Check for null element when reading the tagging field from POST obj XML
+
+Fixes: https://tracker.ceph.com/issues/44967
+Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
+---
+ src/rgw/rgw_rest_s3.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index bfda4232..ac2a0272 100644
+--- a/src/rgw/rgw_rest_s3.cc
++++ b/src/rgw/rgw_rest_s3.cc
+@@ -420,6 +420,9 @@ int RGWPutObjTags_ObjStore_S3::get_params()
+   RGWObjTagging_S3 *tagging;
+ 
+   tagging = static_cast<RGWObjTagging_S3 *>(parser.find_first("Tagging"));
++  if (!tagging) {
++    return -ERR_MALFORMED_XML;
++  }
+   obj_tags_s3 = static_cast<RGWObjTagSet_S3 *>(tagging->find_first("TagSet"));
+   if(!obj_tags_s3){
+     return -ERR_MALFORMED_XML;
+-- 
+2.27.0
+
diff --git a/ceph.spec b/ceph.spec
index dddcffc7beeca8be256cd73c30ab2e6b5ee6b21c..d5d2a9e96bfd0851806619431e4a80d00457836e 100644
--- a/ceph.spec
+++ b/ceph.spec
@@ -68,7 +68,7 @@
 #################################################################################
 Name:		ceph
 Version:	12.2.8
-Release:	8
+Release:	9
 Epoch:		2
 
 # define _epoch_prefix macro which will expand to the empty string if epoch is
@@ -84,10 +84,11 @@ URL:		http://ceph.com/
 Source0:	http://ceph.com/download/ceph-12.2.8.tar.gz
 
 # backport for cves
-Patch6000:	6000-CVE-2018-16889.patch
-Patch6001:	6001-CVE-2018-16846-1.patch
-Patch6002:	6002-CVE-2018-16846-2.patch
-Patch6003:      6003-CVE-2018-14662.patch
+Patch1:	0001-CVE-2018-16889.patch
+Patch2:	0002-CVE-2018-16846-1.patch
+Patch3:	0003-CVE-2018-16846-2.patch
+Patch4: 0004-CVE-2018-14662.patch
+Patch5: 0005-CVE-2020-12059.patch
 
 %if 0%{?suse_version}
 %if 0%{?is_opensuse}
@@ -1796,6 +1797,9 @@ exit 0
 
 
 %changelog
+* Wed Dec 30 2020 yanglongkang <yanglongkang@huawei.com> - 1:12.2.8-9
+- fix CVE-2020-12059
+
 * Fri Sep 25 2020 wuguanghao <wuguanghao3@huawei.com> - 1:12.2.8-8
 - remove the python-virtualenv package from BuildRequires to solve the compilation problem