diff --git a/meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch b/meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch
new file mode 100644
index 0000000000..e0dcf412bb
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch
@@ -0,0 +1,45 @@
+perl:fix for CVE-2010-4777
+
+Upstream-Status: Backport
+    
+The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0,
+5.14.0, and other versions, when running with debugging enabled,
+allows context-dependent attackers to cause a denial of service
+(assertion failure and application exit) via crafted input that
+is not properly handled when using certain regular expressions,
+as demonstrated by causing SpamAssassin and OCSInventory to
+crash.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777
+
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -11868,8 +11868,25 @@ Perl_save_re_context(pTHX)
+ 
+ 		if (gvp) {
+ 		    GV * const gv = *gvp;
+-		    if (SvTYPE(gv) == SVt_PVGV && GvSV(gv))
+-			save_scalar(gv);
++		    if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) {
++			/* this is a copy of save_scalar() without the GETMAGIC call, RT#76538 */
++			SV ** const sptr = &GvSVn(gv);
++			SV * osv = *sptr;
++			SV * nsv = newSV(0);
++			save_pushptrptr(SvREFCNT_inc_simple(gv),
++			SvREFCNT_inc(osv), SAVEt_SV);
++			if (SvTYPE(osv) >= SVt_PVMG && SvMAGIC(osv) &&
++			    SvTYPE(osv) != SVt_PVGV) {
++			    if (SvGMAGICAL(osv)) {
++				const bool oldtainted = PL_tainted;
++				SvFLAGS(osv) |= (SvFLAGS(osv) &
++				    (SVp_IOK|SVp_NOK|SVp_POK)) >> PRIVSHIFT;
++				PL_tainted = oldtainted;
++			    }
++			    mg_localize(osv, nsv, 1);
++			}
++			*sptr = nsv;
++		    }
+ 		}
+ 	    }
+ 	}
diff --git a/meta/recipes-devtools/perl/perl-native_5.14.3.bb b/meta/recipes-devtools/perl/perl-native_5.14.3.bb
index 2ef0a5135c..c38be41d49 100644
--- a/meta/recipes-devtools/perl/perl-native_5.14.3.bb
+++ b/meta/recipes-devtools/perl/perl-native_5.14.3.bb
@@ -17,7 +17,8 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
            file://MM_Unix.pm.patch \
            file://debian/errno_ver.diff \
            file://dynaloaderhack.patch \
-           file://perl-build-in-t-dir.patch"
+           file://perl-build-in-t-dir.patch \
+           file://perl-5.14.3-fix-CVE-2010-4777.patch "
 
 SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"
 SRC_URI[sha256sum] = "03638a4f01bc26b81231233671524b4163849a3a9ea5cc2397293080c4ea339f"
diff --git a/meta/recipes-devtools/perl/perl_5.14.3.bb b/meta/recipes-devtools/perl/perl_5.14.3.bb
index c307b99fae..fcd665bf34 100644
--- a/meta/recipes-devtools/perl/perl_5.14.3.bb
+++ b/meta/recipes-devtools/perl/perl_5.14.3.bb
@@ -74,7 +74,8 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
         file://config.sh-32-be \
         file://config.sh-64 \
         file://config.sh-64-le \
-        file://config.sh-64-be"
+        file://config.sh-64-be \
+        file://perl-5.14.3-fix-CVE-2010-4777.patch "
 #	file://debian/fakeroot.diff
 
 SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"